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Vulnerability 
Management and Policy 
Compliance API 


Use these API calls to manage vulnerability and 
compliance scans and report on scan results. 


Scans | Authentication | Scanner Appliances | Option 
Profiles | KnowledgeBase | Reports | Report 
Templates | Remediation | Compliance Info | Users | 
Activity Log v2 | Activity Log v1 


Looking for more information? 
Qualys API (VM, PC) User Guide 
Qualys API (VM, PC) XML/DTD Reference 


Scans 


Manage Scans 


VM Scans - /api/2.0/fo/scan/ 
Compliance Scans - /api/2.0/fo/scan/compliance/ 
SCAP Scans - /api/2.0/fo/scan/scap/ 


List Scans: (GET + POST) 
action={list}& 
echo_request={0|1}& 
scan_ref={value}& 
state={Running|Paused|Canceled|Finished| 
Error|Queued|Loading}& 
processed={0|1}& 
type={On-Demand|Scheduled|API}& 
target={ip,range...}& 
user_login={login}& 
launched_after_datetime=({date/time}& 
launched_before_datetime={date/time}& 
show_ags={0|1}& 
show_op={0|1}& 
show_status={0|1}& 
show_last={0|1}& 
pci_only={0|1}& 
ignore_target={0|1}& 
client_id= {value}& 
client_name={value}& 
ec2_instance_ids={value}& 
scap_scan_since={date}& 
no_scap_scan_since={date}& 
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Manage Scans: (POST) 


action={cancel|pause|resume}& 
echo_request={0|1}& 
scan_ref={value}& 


Download Scan Results: (GET + POST) 


action={fetch}& 

echo_request={0|1}& 

scan_ref={value}& 

*ips=f{ip,range...}& 
*mode=(brieflextended] 8 
*output_format={csv|json|csv_extended| 
json_extended}& 


Notes: * means VM scan only 


Share PCI Scan: (GET + POST) 


action={share|status}& *POST for share 
echo_request={0|1}& 
scan_ref={value}& 
merchant_username={value}& 


Scan Summary: (GET + POST) 
/api/2.0/fo/scan/summary 
action={list}& 
scan_date_since={value}& 
scan_date_to={value}& 
output_format={value}& 
tracking method={value}& 
include_dead={0|1}& 
ude_excluded=(0|1}& 
ude_unresolved=(0|1}& 
ude_cancelled={0|1}& 
ude_notvuln={0|1}& 
ude_blocked={0|1}& 
ude_duplicate={0|1}& 
ude_aborted={0|1}& 


Scanner Details: (GET + POST) 
/api/2.0/fo/scan/scanner 
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action={list}& 
scan_date_since={value}& 
scan_date_to={value}& 
ips={value}& 
output_format=XML& 
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Launch Scan 
VM Scan - /api/2.0/fo/scan/ 


Compliance Scan - /api/2.0/fo/scan/compliance/ 


Launch Scan: (POST) 


action={launch}& 
echo_request={0|1}& 
scan_ref={value}& 
scan_title={value}& 
target_from={assets|tags}& 
ip={value}& 

asset_groups={value}& 
asset_group_ids={value}& 
exclude_ip_per_scan={value}& 

tag include_selector=(alllany)8 

tag exclude_selector=(alllany)8 
tag set_by={idname}& 

tag set include=fvalue}& 
tag_set_exclude={value}& 
use_ip_nt_range_tags={0|1}& 

use ip nt range tags include={0|1}& 
use ip nt range tags exclude=/(0/1)8 
iscanner id={valuel,value2...}& 
iscanner_name=({valuel,value2...}& 
default_scanner={0|1}& 
scanners_in_ag={0|1}& 
scanners_in_tagset={0|1}& 
scanners_in_network={value} 
option_title=(value}& 
option_id={value}& 
priority={value}& (0-9) “default is 0 
runtime_http_header={value}& 


connector name={value}& *for EC2 scan 


ec2_endpoint={value}& *for EC2 scan 
ip_network_id={id}& 

fqdn={value}& 

client_id= {value}& 
client_name=({value}& 
ec2_instance_ids={value}& 


== 


Scheduled Scans 

VM Scans - /api/2.0/fo/schedule/scan/ 

List Scheduled Scans: (GET) 
action={list}& 


echo_request={0|1}& 
id={value}& 


active=({0|1}& 
show_notifications={0|1}& 
client_id= {value}& 
client_name={value}& 


Create Scheduled Scan: (POST) 


action={create}& 
echo_request={0|1}& 
scan_title={value}& 
active={0|1}& 
option_title={value}& 
option_id={value}& 
iscanner_id={valuel,value2...}& 
iscanner name=f{value1,value2...}& 
ip={value}& 
asset_groups={value}& 
asset_group_ids={value}& 
default_scanner={0|1}& 
scanners_in_ag={0|1}& 
scanners_in_tagset={0|1}& 
exclude_ip_per_scan={value}& 
ip_network_id={id}& 
runtime_http_header={value}& 
target_from={assets|tags}& 

tag include_selector={all|any}& 
tag_exclude_selector={alllany}& 
tag_set_by={idjname}& 
tag_set_include={value}& 

tag set_exclude={value}& 

use ip nt range tags={0|1}& 

use ip nt range tags include=/(0]1)8 
use ip nt range tags exclude=/(0/1)8 


connector_name=({value}& *for EC2 scan 


connector _uuid={value}& “for EC2 scan 
ec2_endpoint={value}& *for EC2 scan 


ec2_only_classic={value}& *for EC2 scan 


occurrence=({daily|weekly|monthly}& 
frequency_days={value}& (1-365) 
frequency_weeks={value}& (1-52) 
weekdays={sunday|monday|tuesday| 
wednesday|thursday|friday|saturday}& 
frequency_months={value}& (1-12) 
day_of_month={value}& (1-31) 
day_of_week={value}& (0-6, where 0 is 
sunday 


week_of_month={first|second|third|fourth| 


last}& 
start_date={date}& 
start_hour={value}& (0-23) 


start_minute={value}& (0-59) 
time_zone_code={value}& 
observe_dst={yes|no}& 
recurrence={value}& 
end_after={value}& (0-119) 
end_after_mins={value}& (0-59) 


pause_after_hours={value}& (1-119) 
pause_after_mins={value}& (0-59) 
resume_in_days={value}& (1-9) 


resume_in_hours={value}& (0-23) 
fqdn={value}& 
client_id= {value}& 

client_name={value}& 


Notes: “end_after_mins” must be specified with 
“end_after”. “pause_after_mins” must be specified 
with “pause_after_hours”. “resume_in_hours” 
must be specified with “pause_after_hours” and 
“Tesume in days”. 


before notify=(0/1)£ 
before_notify_unit={days|hours|minutes}& 
before_notify_time={value}& 
before_notify_message={value}& 
after_notify={0|1}& 
after_notify_message={value}& 


recipient_group_ids={value}& 


Notes: “before_notify_time” must be specified 
with before_notify=1. “before_notify_message” is 
only valid when before_notify=1. 


“after_notify_message” is only valid when 
after_notify=1. “recipient_group_ids” is only valid 
when before_notify=1 or after_notify=1 is also 
specified. 
Update Scheduled Scan: (POST) 
action={update}& 
id={value}& 
echo_request={0|1}& 
set_start_time={0|1}& 
client_id= {value}& 
client_name={value}& 


Notes: For updating the start time, these must be 
specified together: set_start_time=1, start_date, 
start_hour, start_minute, time_zone_code, 
observe_dst. 
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For Daily Scan, these must be specified together: 
occurrence=daily, frequency_days. 


For Weekly Scan, these must be specified 
together: occurrence=weekly, frequency_weeks, 
weekdays. 


For Monthly Scan, these must be specified 
together: occurrence=monthly, 
frequency_months and day_of_month (for Nth 
day of month) or day_of_week, week_of_month 
(for Day in Nth week). 


Delete Scheduled Scan: (POST) 
action={delete}& 
id={value}& 
echo _request={0|1}& 


Authentication 


Authentication Record List 
/api/2.0/fo/auth/ 


List Records (all types): (GET + POST) 

action={list}& 

echo_request={0|1}& 

title=[value}& 

comments={value}& 
ids={id,range...}& 

id_min={id}& 

id_max={id}& 


Authentication Record by Type List 


/api/2.0/fo/auth/{type}/ 


where {type} is one of: unix, windows, oracle, 
oracle_listener, snmp, ms_sql, neo4j, ibm_db2, 
vmware, vcenter, http, apache, ms iis, 
ibm_websphere, mysql, tomcat, oracle_weblogic, 
mongodb, mariadb, palo_alto_firewall, jboss, 
kubemetes, sapiq, sap_hana, nginx 


List Records by Type: (GET + POST) 
action={list}& 


Notes: Same optional parameters as for 
authentication records list (all types) plus: 
details={Basic|All|None}& 
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Authentication Records 
/api/2.0/fo/auth/<type>/ 


where <type> is one of: unix (for Unix, Cisco, 
Checkpoint Firewall), windows, oracle, 
oracle_listener, snmp, vmware, vcenter, apache, 
ms_lis, ibm_websphere, http, mysql, ms sal, 
docker, postgresql, sybase, tomcat, mongodb, 
mariadb, palo_alto_firewall, jboss, kubernetes, 
sapig, sap_hana, network_ssh, neo4j, nginx 


Manage Records: (GET + POST) 


action={create|update|delete}& 
title={value}& 
ids={id,range...}& 
echo_request={0|1}& 


Notes: “title” is required for a create request. “ids” 
is required for an update and delete request. 
comments={value}& 
{target hosts} (‘requirements below) 
{<type> credentials} (‘requirements per 
record) 


Notes: Comments, target hosts, and credentials 
specified for create and update requests only (not 
delete requests). 


{target hosts}: 
ips={ip,range...}& 
add_ips={ip,range...}& 
remove_ips={ip,range...}& 
network_id={value}& 


when Tag Support for Authentication Records is 
enabled (Windows, Unix): 


asset_type={ips|asset_tagslip_range tag 
rule}& 
tag set_by={idname}& 
tags_include={tag1,tag2...}& 
tags_exclude=({tag1,tag2,...}& 
tag_include_selector={anylall}& 
tag_exclude_selector={anylall}& 


Notes: “ips” is required for a create request 
(except for Windows, and except when Tag 
Support is enabled), optional for an update 


request. “add_ips” and “remove_ips” are for an 
update request only. “network_id” is valid when 
the networks feature is enabled. 


{vault definition}: 
login_type={basic|vault}& /set to vault to 
enable 
vault_id={value}& 
vault_type={value}& 
(vault parameters below are required except as 
indicated, * means optional) 


ARCON PAM 
vault_service_type={value}& 
Azure Key 


ak_secret_name={value}& 

CA Access Control 
end_point_name=({value}& 
end_point_type={value}& 
end_point_container={value}& 

CA PAM 
vault_app_name={value}& 
vault_device_name=({value}& 
vault_device_host={value}& 

CyberArk PIM Suite 
folder={value}& 
file=fvalue}& 

CyberArk AIM 
folder={value}& 
file=fvalue}& 

HashiCorp 


+ 


secret_ 
secret_ 
secret_ 


kv_path={value}& 
kv_name={value}& 
kv_key={value}& 


Thycotic Secret Server 
secret_name={value}& 
Quest Vault 
system_name=({value}& 
Lieberman ERPM 
auto_discover_system_name=({value}& 
system_name_single_host={value}& 
system_type={auto|windows|unix|oracle|mssq 
]jldap|system|custom}& 
*custom_system_type=&{value} 
valid when system_type=custom 
BeyondTrust PBPS 
*system_type={value}& 
*account_name={value}& 
Wallix AdminBastion (WAB) 


* 


authorization_name=({value} 
target name={value} 


{Unix record}: 
Login credentials: 


username={value}& 

password={value}& 
login_type={basic|vault}& (vault definition) 
vault_type={CA Access Control|CyberArk PIM 
Suite|CyberArk AIM|Hitachi ID 
PAM|Lieberman ERPM|Quest Vault|Thycotic 
Secret Server|BeyondTrust PBPS|Wallix 
AdminBastion} 
cleartext_password={0|1}& 
skip_password={0|1}& 
{XML File}& 


target_type={auto|A10|HP_COMWARE|CISCO_ 


ASA_WITH_FIREPOWE} 


Notes: Required for create request: “username”, 
“password” if cleartext_password=1. {XML File} 
defines private key certificates and root 
delegations. 


Scanning: 
port={value}& /PC scans only 
use_agentless_tracking={O|1}& 
agentless_tracking path={value}& 


Notes: If use_agentless_tracking=1, 
“agentless_tracking path” is required. 


{Unix subtype record): 
sub_type={cisco|checkpoint_firewall}& 


Login credentials: 
username={value}& 
password={value}& 
login_type={basic|vault}& (vault definition) 
vault_type=(CyberArk PIM Suite|CyberArk 
AIM} 
cleartext_password={0|1}& 
enable_password={value}& (Cisco only) 
expert_password={value}& (Checkpoint only) 


Notes: Required for create request: “username”, 
“password” if cleartext_password=1. 


Scanning: 
port={value}& /PC scans only 
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{Network SSH record}: 
Login credentials: 


username={value}& 

password={value}& 
login_type={basic|vault}& (vault definition) 
p2_login_type={basic|vault}& (vault definition) 
*p2_<vault parameters> 

vault_type={CA Access Control|CyberArk PIM 
Suite|CyberArk AIMJHitachi ID 
PAM|Lieberman ERPM|Quest Vault|Thycotic 
Secret Server|BeyondTrust PBPS|Wallix 
AdminBastion} 

“cleartext_password={0|1}& 
password2={value}& 

{XML File}& 
target_type={auto|A10|HP_COMWARE|CISCO_ 
ASA_WITH_FIREPOWE} 


Notes: 


*Ifp2_login_type is vault then all vault parameter 
fields must be added with prefix 'p2_' 


** Required for create request: “username”, 
“password” 1f cleartext_password=1. (XML File) 
defines private key certificates. 


[Windows record): 


Login credentials: 
username={value}& 
password={value}& 
login_type={basic|vault}& (vault definition) 
windows_domain={value}& 
windows_ad_domain={value}& 
ntlm=(0|1}& 
kerberos={0|1}& 
ntlmv2={0|1}& 
ntlm=(0|1}& 
require_smb_signing={0|1}& 
minimum_smb_version={value}& 

Scanning: 
use_agentless_tracking={0|1}& 


ll OO 


{Oracle record}: 
Login credentials: 


login_type={basic|vault}& (vault definition) 
username={value}& 
password={value}& 
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vault_type=[ARCON PAM | Azure Key | 
BeyondTrust PBPS | CA Access Control | 
CyberArk PIM Suite] CyberArk AIM | 


HashiCorp | Lieberman ERPM | Quest Vault | 


Thycotic Secret Server}& 
vault_id={value}& 
sid={value}& 
servicename={value}& 
port={num}& 

is_cdb={0|1}& /PC scans only 
pce_only={O|1}& /PC scans only 


OS-dependent compliance checks: 
perform_windows_os_checks={0|1}& 
in_ora_home_name={value}& 
n_ora_home_path={value}& 
in_init_ora_path={value}& 
in_spfile_ora_path={value}& 
in_listener_ora_path={value}& 
in_sqlnet_ora_path={value}& 
in_tnsnames_ora_path={value}& 
perform_unix_os_checks={0|1}& 
perform_unix_opatch_checks={0|1}& 
unix_ora_home_path={value}& 
unix_init_ora_path={value}& 
unix_spfile_ora_path={value}& 
unix_listener_ora_path=(value}& 
unix_sglnet_ora_path={value}& 
unix_tnsnames_ora_path={value}& 
unix_invptrloc={value}& 


2348555 8 


{Oracle Listener record}: 
password={value}& 

{IBM DB2 record}: 

Login credentials: 


login_type={basic| vault}& 
username={value}& 
password={value}& 
database={value}& 
port={value}& 

pc_only={0|1}& /PC scans only 


OS-dependent compliance checks: 
win, db2dir=(value) 
win. prilogfile=(value) 
win seclogfile=(value) 
win_terlogfile={value} 
win_mirlogfile={value} 
unix_db2dir={value} 


unix_prilogfile={value} 
unix_seclogfile={value} 
unix_terlogfile={value} 
unix_mirlogfile={value} 


Notes: All check parameters are required if you 
want OS-dependent compliance checks to be run. 


{MySQL record}: 


username=({value}& 

password={value}& 

database={value}& 

port={value}& 

windows_config_file={value}& 

unix_config_file={value}& 

ssl_verify={value}& 

hosts={value}& 

client_cert={value}& 

client_key={value}& 

kerberos={0|1}& 

ntlmv2={0|1}& 

ntlm={0|1}& 

member_domain={value}& or ips={value}& 
Notes: All parameters are required for create 
request, except client_cert and client_key (which 
must be specified together). 


{Neo4j record}: 


username={value}& 
password={value}& 
login_type={basic|vault}& 
database={value}& 
port=(value) & 
ssl_verify={value}& 
hosts={value}& 
neo4j_version={value}& 
unix_base_path={value}& 
unix_conf_path={value}& 
neo4j auto path=(0[1)8 


Nginx record): 


unix_bin_path={value}& 
unix_conf_path={value}& 
unix_prefix_path={0|1}& 


{SNMP record}: 
version={v1|v2c|v3}& 


SNMPv1 and SNMPv2c: 
community_strings={value,value...}& 
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Notes: “community_strings” is optional for create 
and update requests. 


SNMPv3: 

username={value}& 
password={value}& 
auth_alg={MD5|SHA1}& 
encrypt_password={value}& 
priv_alg={DES|AES}& 
security_engine_id=(value}& 
context_engine_id={value}& 
context={value}& 


Notes: All SNMPv3 parameters are optional. 
However, when one is specified, others are 
required as follows. 1) It is required that 
“username”, “password” and auth_alg” are all 
defined for record. 2) It is required that 
“encrypt_password” and “priv_alg” are all defined 
for record. 3) For an update request “auth_alg” 
and “priv_alg” may be set to empty, in which case 
the data is not encrypted. 


{VMware record}: 


username=(value}& 
password={value}& 
port={value}& 
hosts={value}& 
ssl_verify=(all|skip|none}& 
ogin_type=& 
is_disconnect={0|1}& 


Notes: “username” and “password” are required 
for a create request, optional for an update 
request. 


{vCenter record}: 


username=({value}& 
password={value}& 
port={value}& 
hosts={value}& 
ssl_verify=(all|skip|none}& 
login_type={basic|vault}& 


Notes: “username” and “password” are required 
for a create request, optional for an update 
request. 

{Apache Web Server record}: 


dl 
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unix apache config file={value}& 

unix apache control command={value}& 
windows_apache_config file={value}& 
windows_apache_control_command= 
{value} & 

status={0|1}& 

is_system_created={0|1}& 


{IBM WebSphere App Server record}: 


unix_installation_dir={value}& 
unix_dir_mode={installation_dir|server_dir}& 
windows_installation_dir={value} 


{Tomcat Server record}: 


installation _path={value}& 
instance_path={value}& 
auto_discover_instances={0|1}& 
installation_path_windows={value}& 
instance_path_windows={value}& 
service_name={value}& 


Notes: “installation_path” or 
“installation_path_windows” is required for a 
create request. 


{HTTP record}: 


username={value}& 
password={value}& 
vhost={value}& 
realm={value}& 
ssl={O|1}& 


Notes: “vhost” or “realm” is required for a create 
request. “ips” parameter is not valid for this record 


type. 


{MongoDB record}: 


unix_conf_file={value}& 
database_name={value}& 
port={value}& 

ssl_verify={0|1}& 

hosts={value}& 
credential_type={locallexternal}& 
cleartext={0[1}& 
login_type={basic|vault|pkcert}& (vault 
definition) 

username=({value}& 
password={value}& 
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vault_type={BeyondTrust PBPS | CA Access 
Control | CyberArk PIM Suite] CyberArk AIM 
[Quest Vault | Thycotic Secret Server}& 
vault_id={value}& 

private_key={value}& 
private_key_vault_id={value}& 
passphrase={value}& 

certificate={value}& 


Notes: Required for create request when 
ogin_type=basic: “username” and “password”. 
Required for create request when 
ogin_type=vault: “username”, “vault_type” and 
“vault_id”. Required for create request when 
ogin_type=pkcert: “private_key” and “passphrase” 
when passphrase_vault_id is not specified.) 
“hosts” required if ssl_verify=1. 


{MariaDB record}: 


ssl_verify={0[1}& 
hosts={value}& 
database={value}& 
port={value}& 
windows_conf_file=(value}& 
unix_conf_file={value}& 
client_cert={value}& 
client_key={value}& 


Login credentials: 


login_type={basic|vault}& 
username=({value}& 
password={value}& 


Notes: “username” and “password” are required 
for a create request, optional for an update 
request. 


{Palo Alto Networks Firewall record}: 


username={value}& 

password={value}& 

login_type=vault& (vault definition) 
vault_id={value}& 

vault_type={CyberArk PIM Suite | CyberArk 
AIM | Quest Vault | Thycotic Secret Server | 
BeyondTrust PBPS}& 


Notes: “password” or “login type=vault”is 
reguired for create reguest. 

{JBoss Server record}: 
windows. working mode={value}& 


Following parameters are reguired if Windows 
working mode is selected. 


windows_home_path={value}& 
windows_base_path={value}& 
windows_conf_dir_path={value}& 
windows_conf_file_path={value}& 
windows_conf_host_file_path={value}& 
unix_working_mode={value}& 


Following parameters are required if Unix working 
mode is selected. 


unix_home_path={value}& 
unix_base_path={value}& 

unix. conf _dir_path={value}& 

unix conf file path=(valuej 8 

unix conf host file _path=(valuej8 


PC scans only 
(Azure MS SOL record): 


(PC scans only) 
username={value}& 
password={value}& 
login_type={basic|vault}& (vault definition) 
vault_type=[ARCON PAM|BeyondTrust 
PBPS|CA Access Control|CyberArk 
AIM|CyberArk PIMSuite|HashiCorp| 
Lieberman ERPM|Quest Vault|Thycotic Secret 
Server} 
port={value}& 
database_name={value}& 
- or - auto_discover_databases={0[1}& 


{Docker record): 


(PC scans only) 
docker_deamon_conf_file={value} 
docker_command={value} 


{Kubernetes record}: 


(PC scans only) 
unix_bin_path={value} 
unix_conf_path={value} 


{MS SQL record}: 


(PC scans only) 
username={value}& 
password={value}& 
port={value}& 
db_local={0|1}& 
windows_domain={value}& 
auth_os_type={unix|windows}& 
mssql_unix_insta_path={value}& 
mssql_unix_conf_path={value}& 
instance={value}& default is “MSSQLSERVER” 
- or - auto_discover_instances={0|1}& 
database={value}& default is “master” 
- or - auto_discover_databases={0|1}& 
port={value}& 
- or - auto_discover_ports={0|1}& 


Notes: When “db_local” is unspecified for a create 
request, the flag is set to 1 (MS SQL Server 
credentials). “windows_domain” is required when 
“db_local=0”, otherwise it is invalid. 


[Oracle WebLogic Server record): 


(PC scans only) 
installation_path={value}& 
auto_discover={0|1}& 
domain={value}& 


{PostgreSQL record}: 
(PC scans only) 


pgsql_unix_conf_file={value}& 
username={value}& 

password={value}& 
login_type={basic|vault}& (vault definition) 
vault_type={CA Access Control|CyberArk PIM 
Suite|CyberArk AIM |Hitachi ID PAM|Quest 
Vault|Thycotic Secret Server|BeyondTrust 
PBPS} 

pgsql_db_name={value}& 

port={value}& 

ssl_verify={0|1}& 

hosts={value}& 
client_key_type={basic|vault}& 
client_key={value}& 
client_key_vault_type={CyberArk 
AIM|BeyondTrust PBPS}& 
client_key_vault_id={value}& 
passphrase_type={basic|vault}& 
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passphrase={value}& 

client_cert={value}& 
passphrase_vault_type={CA Access 
Control|CyberArk PIM Suite|CyberArk AIM 
Hitachi ID PAM|Quest Vault|Thycotic Secret 
Server|BeyondTrust PBPS}& 
passphrase_vault_id={value}& 


Notes: Required for create request: “password” if 
login_type=basic. 


{SAP Hana record}: 

(PC scans only) 
database={value}& 
port={value}& 
unix_conf_path={value}& 
ssl_verify={0|1}& 
hosts={value}& 
username={value}& 
password={value}& 
password_encryption={0|1} 
login_type={basic|vault}& (vault definition) 
vault_type={Arcon PAM|Azure Key| 
BeyondTrust PBPS|CyberArk AIM|CyberArk 
PIM Suite|HashiCorp|Thycotic Secret Server}& 
vault_id={value}& 


Notes: Required for a create request: “password” if 
login_type=basic, “unix_conf_path” if the record 
will be used for scanning Unix hosts, “hosts” if 
ssl_verify=1. 


{SAP IQ record}: 

(PC scans only) 
username={value}& 
password={value}& 
password_encryption={0|1} 
login_type={basic|vault}& (vault definition) 
vault_type={Arcon PAM|Azure Key| 
BeyondTrust PBPS|CA Access Control|CA PAM, 
CyberArk AIM|CyberArk PIM Suite|HashiCorp| 
Hitachi ID PAM|Liberman ERPM|Quest Vault] 
Thycotic Secret Server|Wallix AdminBastion 
(WAB)}& 
port={value}& 
database={value}& 
install_dir={value}& 
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Notes: Required for a create request: “password” if 
login_type=basic, “install_dir” if record will be 
used for scanning Unix hosts. 


{Sybase record}: 
(PC scans only) 
username={value}& 
password={value}& 
login_type={basic|vault}& (vault definition) 
vault_type={CyberArk PIM Suite|CyberArk 
AIM |Quest Vault|Thycotic Secret Server] 
Lieberman ERPM} 
port={value}& 
database=(val 
install_dir={va 


ue} & 
ue} & 


Notes: Required for a create request: “password” if 
login_type=basic, “install_dir” if record will be 
used for scanning Unix hosts. 


Authentication Vaults 


/api/2.0/fo/vault/ 


List Vaults: (GET + POST) 

action={list}& 

echo_request={0|1}& 

title={value}& 

type={CyberArk PIM Suite|Thycotic Secret 
Server|Quest Vault|CA Access Control|Hitachi ID 
PAM|Lieberman ERPM |CyberArk AIM|BeyondTrust 
PBPS|Wallix AdminBastion (WAB)}& 

modified={date/time}& 
orderby={id|title|system_namel|last_modified| 

last_modified_by}& 

sortorder={asc|desc}& 

limit={value}& 

offset={value}& 


Notes: “sortorder” is valid only when “orderby” is 
specified. “limit” and “offset” must be specified 
together. 


Manage Vaults: (GET + POST) 


action={create|update|delete}& 

title={value}& 

type={CyberArk PIM Suite|Thycotic Secret 
Server|Quest Vault|CA Access Control|Hitachi 
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ID PAM|Lieberman ERPM|BeyondTrust PBPS|Wallix 
AdminBastion (WAB)} 
id={id} 
comments={value}& 
echo_request={0|1}& 
{settings} 


Notes: “title” and “type” are required for a create 
request, optional for an update request. 
“comments” is optional for create and update 
request. “id” is required for an update and delete 
request. “settings” for create and update request, 
varies per vault type (see below). 


ARCON PAM: 
url={value}&* 
ss]_verify=({1|0}&* 
username=f{value}&* 
password={value}&* 


Notes: bold means required for new vault 
Azure Key: 


url={value}&* 
app_id={value}&* 
ssl_verify={1|0}&* 
certificate={value}&* 
private_key={value}&* 
passphrase={value}& 


Notes: bold means required for new vault 
CA PAM: 
url={value}&* 
apikey_name={value}&* 
ssl_verify={1|0}&* 
apikey={value}&* 


Notes: bold means required for new vault 


CA Access Control: 


ca_url={value}&* 
ca_api_username={value}&* 
ca_ssl_verify=({1|0}&* 
ca_web_username={value}& 
ca_web_password={value}& 


Notes: bold means required for new vault 


CyberArk PIM Suite: 


server_address={value}&* 
port={value}& 
safe={value}&* 
username={value}&* 
password={value}&* 


HashiCorp: 
url={value}&* 
api_version={value}& 
ssl_verify={1|0}&* 
if auth_type={userpass}& 
path={value}& 
username={value}&* 
password={value}&* 
if auth_type={cert}&* 
path={value}& 
role name={value}&* 
cert={value}&* 
private_key={value}&* 
passphrase={value}& 
if auth_type={cert}&* 
path={value}& 
role_id={value}&* 
secret_id={value}& 
Notes: bold means required for new vault 


Hitachi ID PAM: 
url={value}&* 
username={value}&* 
password={value}&* 
ssl_verify={1|0}&* 


* 


Notes: bold means required for new vault 


Lieberman ERPM: 
url={value}&* 
domain={value}& 
username={value}&* 
password={value}&* 
ssl_verify={1|0}&* 


Notes: bold means required for new vault 


Quest Vault: 
server_address={value}&* 
port={value}& 
username={value}&* 
access_key={value}&* 


Notes: bold means required for new vault 
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Thycotic Secret Server: 
url={value}&* 
username={value}&* 
password={value}&* 
domain={value}& 


Notes: bold means required for new vault 


CyberArk AIM: 
appid={value}& 
safe={value}& 
url={value}& 
ssl_verify=(0/1)8 
cert={value}& 
private_key={value}& 
private_key_pwd={value}& 


Notes: bold means required for new vault 


Wallix AdminBastion (WAB) 
url={value}& 
ssl_verify={0|1}& 
username={value}& 
password={value}& 
appkey=(value] 

BeyondTrust PBPS: 
appkey={value}& 
url={value}& 
username={value}&* 
password={value}&* 
ssl_verify=(0/1)8 
cert={value}& 
private_key={value}& 
private_key_pwd={value}& 


Notes: bold means required for new vault 


Scanner Appliances 
/api/2.0/fo/appliance/ 


List Appliances: (GET + POST) 
action={list}& 
echo_request={0|1}& 
output_mode=(brief|full) & 
scan_detail={0|1}& 
include_cloud_info={0|1}& 
busy={0|1}& 
scan_ref={value}& 
name={value}& 
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ids={id1,id2...}& 
include_license_info={0|1}& 
network_id={id}& 
type={physical|virtualloffline}& 
show_tags={0|1}& 
platform_provider={ec2|ec2_compat|gce| 
azure|vCenter}& 


Notes: “include_license_info” applies to virtual 
scanner appliances 


Virtual Scanners: (GET + POST) 
echo_request={0|1}& 


action={create}& 

name={value}& 

asset_group_id={value}& 

polling interval={60-360}& “default is 180 
Notes: “asset_group_id” is required for Unit 
Managers and Scanners with permission to create 
virtual scanners. Managers do not specify 
“asset_group_id”. 

action={update}& 

id={id}& 

name={value}& 

comment=({value}& 

polling interval={60-360}& 

set_tags= {value}& 

add_tags= {value}& 

remove_tags= {value}& 

tag set by= {idjname}& 
*set_vlans=(ID|IP_ADDRESS|NETMASK|NAME}& 
*set_routes={IP_ADDRESSINETMASK|GATEWAY]N 
AME}& 
*Notes: Or “ (empty string) to delete all records 

action={delete}& 

id={id}& 


Physical Scanners: (POST) 


/api/2.0/fo/appliance/physical/ 
action={update}& 
id={id}& 
name={string}& 
polling interval={60-360}& “default is 180 
set_vlans={value}& 
set_tags= {value}& 
add_tags= {value}& 
remove_tags= {value}& 


tag_set_by= {idjname}& 

set_routes={value}& 

comment=({value}& 
*set_vlans=(ID|IP_ADDRESS|NETMASK|NAME}& 
*set_routes={IP_ADDRESS|NETMASK|GATEWAY|N 
AME}& 


Assign Appliance to Network: (POST) 
action={assign_network_id}& 
appliance_id={id}}& 
network_id={id}}& 
echo_request={0|1}& 

Replace Appliance: (POST) 

/api/2.0/fo/appliance/replace_iscanner/ 
action={replace}& 
echo_request={0|1}& 
old_scaner_name={value}& 
new_scanner_name={value}& 
do_not_copy_settings={0|1}& 
do not remove new scanner from objects= 
(0118 


Option Profiles 
/api/2.0/fo/subscription/option_profile/ 
Export Option Profile: (GET) 
/api/2.0/fo/subscription/option_profile/ 


action={export}& 
output_format={XML}& 
option_profile_id={value}& 
option_profile_title={value}& 
option_profile_type={user|compliance|pci}& 


Import Option Profile: (POST) 
/api/2.0/fo/subscription/option_profile/ 


action={import}& 


Notes: When calling this API the user needs to 
pass the proper XML with Content-Type XML. 
VM Option Profiles 
/api/2.0/fo/subscription/option_profile/vm/? 


Create VM Option Profile: (POST) 


action={create}& 
title=[value}& 
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owner={value}& 

default={0|1}& 

global={0|1}& 

offline_scanner={0|1}& 
scan_tcp_ports=(nonelfulllstandard|light)8z 
scan_tcp_ports_additional={port1,port2}& 
3_way_handshake={0|1}& 

Scan 
scan_udp_ports={nonelfull|standard|light}& 
scan_udp_ports_additional={port1,port2}& 
authoritative_option=(0|1}& 
scan_dead_hosts={0|1}& 
close_vuln_on_dead_hosts={0|1}& 
not_found_alive_times=({value}& 
purge_host_data={0|1}& 
external_scanners_use={value}& 
scan_parallel_scaling={0|1}& 

scan overall performance=/(high|normalllowl] 
custom}& 

scan_external_scanners={value}& 
scan_scanner_appliances={value}& 
scan_total_process={value}& 
scan_http_process={value}& 
scan_packet_delay={minimum|short|medium 
longlmaximum}& 
scan_intensity={normal|medium|low| 
minimum}& 

oad_balancer={0|1}& 
password_brute_forcing_system={minimal| 
imited|standard|exhaustive) 8 
password_brute_forcing custom=(valuel, 
value2}& 
ulnerability_detection={complete|custom| 
ntime}& 

ustom_search_list_ids={value1, value2}& 
ustom_search_list_title=(valuel, value2}& 
ic_host_information_checks={0|1}& 
_checks={0|1}& 

qrdi_checks={0|1}& 
ude_search_list_ids={value1, value2}& 
authentication={value1,value2}& 
enable_additional_certificate_detection= 
{O|1}& 

enable_dissolvable_agent={0|1}& 
enable_windows_share_enumeration={0|1}& 
enable_lite_os_scan={0|1}& 
custom_http_header={value}& 
custom_http_definition_key={value}& 
custom_http_definition_header={value}& 


= 
as 


< 
w 
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w 
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pS 
Q 
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host_alive_testing={0|1}& 
not_overwrite_os={0|1}& 
test_authentication=(0|1}& 

System Authentication 
include_system_auth={0|1}& 
use_system_auth_on_duplicate={0|1}& 
use_user_auth_on_duplicate={0|1}& 
Map 
basic_information_gathering=[all|register|net 
ockonly|none]& 

ap. tcp ports standard scan=(0[1)8 

ap tcp ports additional=(value1, value2)8 
ap udp ports standard scan=(0[1)% 

ap udp ports additional=(value1,value2)8 
erform live host sweep=/(0/1)8 
sable_dns_traffic={0|1}& 
ap_overall_performance=(high|normal|low| 
stom}& 

ap_external_scanners={value}& 
ap_scanner_appliances={value}& 
ap_netblock_size={1024 IPs|4096 IPs| 

92 IPs|163841Ps|32768 IPs|65536 IPs} & 
ap_packet_delay={minimum|short|medium| 
ng{maximum}& 

ap authentication=(VMware | vCenter}& 
Additional 
additional_tcp_ports={0|1}& 
additional_tcp_ports_standard_scan={0|1}& 
additional tcp ports additional=(value1, 


E 
ba 


223353523528535332 


Bo 


_udp_ports=(0|1}& 
_udp_ports_type={standard| 


-väp ports custom=/(valuel1, 


blocked_resources={0|1}& 
protected_ports={default|custom}& 
protected_ports_custom={value1,value2}& 
protected_ips={all|custom}& 
protected_ips_custom={value1,value2}& 
ignore_firewall_generated_tcp_rst_packets= 
O|1}& 
ignore_all_tcp_rst_packets=(0|1}& 
ignore_firewall_generated_tcp_syn_ack_ 
packets={0|1}& 
not_send_tcp_ack_or_syn_ack_packets_ 
during_host_discovery={0|1}& 


Qualys API Quick Reference Guide 
Vulnerability Management and Policy Compliance API 


Update VM Option Profile: (POST) 
action={update}& 
id={value}& 
For other parameters see Create VM Option 
Profile 


List VM Option Profile: (GET + POST) 
action={list}& 


Delete VM Option Profile: (GET + POST) 


action={delete}& 
id={value}& 


PCI Option Profiles 
/api/2.0/fo/subscription/option_profile/pci/? 


Create PCI Option Profile: (POST) 


action={create}& 
title={value}& 
owner={value}& 
global={0|1}& 
offline_scanner={0|1}& 
scan_parallel_scaling={0|1}& 
Scan 
scan_overall_performance=(high|normal|low| 
custom) & 

scan_external_scanners={value}& 
scan_scanner_appliances={value}& 
scan_total_process={value}& 
scan_http_process={value}& 
scan_packet_delay= 
{minimum|short|medium|long|maximum}& 
scan_intensity={normal|medium|low| 
minimum}& 

scan_dead_hosts={0|1}& 
close_vuln_on_dead_hosts={0|1}& 
not_found_alive_times={value}& 
purge_host_data={0|1}& 

Additional 
additional_tcp_ports_additional=(valuel, 
value2}& 


Update PCI Option Profile: (POST) 
action={update}& 
id={value}& 
For other parameters see Create PCI Option 
Profile 
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List PCI Option Profile: (GET + POST) 
action={list}& 


Delete PCI Option Profile: (GET + POST) 


action={delete}& 
id={value}& 


Compliance Option Profiles 
/api/2.0/fo/subscription/option_profile/pc/? 


Create Compliance Option Profile: (POST) 


action={create}& 
title={value}& 
owner={value}& 
global={0|1}& 
scan_parallel_scaling={0|1}& 
Scan 
scan_overall_performance=(high|[normal|low| 
custom) & 

scan_external_scanners={value}& 
scan_scanner_appliances={value}& 
scan_total_process={value}& 
scan_http_process={value}& 
scan_packet_delay={minimum|short|medium 
llonglmaximum}& 
scan_intensity={normal|medium|low| 
minimum}& 

scan_by_policy={0|1}& 

policy names=/(value1 value2)8 

policy. ids=(value1 value2)8 

auto update expected. value=/(0[1)8 
fim_controls_enabled={0|1}& 
custom_wmi_query_checks={0|1}& 
enable_dissolvable_agent={0|1}& 
enable_password_auditing={0|1}& 
custom_password_dictionary=(valuel, 
value2}& 
enable_windows_share_enumeration={0|1}& 
enable_windows_directory_search={0|1}& 
scan_ports={standard|targeted}& 
mssql_db_udc_restriction={0|1}& 
mssql_db_udc_limit={value}& 
oracle_db_udc_restriction={0|1}& 
oracle_db_udc_limit={value}& 
sybase_db_udc_restriction={0|1}& 
sybase_db_udc_limit={value}& 
postgreSQL_db_udc_restriction=(0|1}& 
postgreSQL_db_udc_limit={value}& 
sapig_db_udc_restriction={0|1}& 


sapiq_db_udc_limit={value}& 
db2_db_udc_restriction= (0|1) 
db2_db_udc_limit= {value} 
enable_auth_instance_discovery={0|1}& 
auto_auth_types={value}& 
ibm_was_discovery_mode={value}& 
oracle_template_id={value}& 
oracle_template_name={value}& 
include_system_auth={0|1}& 
use_system_auth_on_duplicate={0|1}& 
use_user_auth_on_duplicate={0|1}& 
Instance Data Collection 
enable_instance_data_collection={0|1}& 
instance_data_collection_auth_types={value} 
& 
enable_os_based_instance_discovery={0|1}& 
os_based_instance_disc_technologies 


=— 


Additional 
addition 


È 


_tcp_ports={0|1}& 
_tcp_ports_standard_scan={0|1}& 
-tcp ports additional=(value1, 


_udp_ports=(0|1}& 
_udp_ports_type={standard| 


_udp_ports_custom=(valuel, 


blocked_resources={0|1}& 
protected_ports={default|custom}& 
protected_ports_custom={valuel,value2}& 
protected _ips= {all|custom}& 
protected_ips_custom={value1,value2}& 
ignore_rst_packets={0|1}& 
ignore_firewall_generated_syn_ack_packets= 
0|1}& 
not_send_ack_or_syn_ack_packets_during_ 
host_discovery={0|1}& 


Update Compliance Option Profile: (POST) 
action={update}& 
id={value}& 
For other parameters see Create Compliance 
Option Profile 

List Compliance Option Profile: (GET + POST) 
action={list}& 
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Delete Compliance Option Profile: (GET + 
POST) 

action={delete}& 

id={value}& 


KnowledgeBase 


Vulnerabilities 
/api/2.0/fo/knowledge_base/vuln/ 


List Vulnerabilities: (GET + POST) 
action={list}& 
echo_request={0|1}& 
details={Basic|All| None}& 
ids={value}& 
id_min={value}& 
id_max={value}& 
is_patchable={0|1}& 
ast_modified_after={date/time}& 
ast_modified_before={date/time}& 
ast_modified_by_user_after={date/time}& 
ast_modified_by_user_before={date/time}& 
ast_modified_by_service_after={date/time}& 
ast_modified_by_service_before={date/time} 
& 
published_after={date/time}& 
published_before={date/time}& 
discovery_method={value}& 
discovery_auth_types={value}& 
show_pci_reasons={0|1}& 
show_supported_modules_info={0|1}& 
show_disabled_flag={0|1}& 
show_gid_change_log={0|1}& 
Notes: Subscription authorization is required to 
use. For “discovery_method” a valid value is: 
Remote, Authenticated, RemoteOnly, 
AuthenticatedOnly, or RemoteAndAuthenticated. 


Edit Vulnerabilities: (POST) 


/api/2.0/fo/knowledge_base/vuln/ 
action={edit}& 
gid={value}& 
severity={value}& 
disable={0[1}& 
threat_comment={value}& 
impact_comment={value}& 
solution_comment={value}& 


Qualys API Quick Reference Guide 
Vulnerability Management and Policy Compliance API 


include_system_option_profiles={0|1} List Dynamic Search Lists: (GET + POST) 
action=(list}& 


echo_request={0|1}& 


Note: Providing at least one optional parameter is 


mandatory. 


Reset a Vulnerabilities: (POST) 
action={reset}& 
qid={value} 

List Edited Vulnerabilities: (POST) 
action={custom}& 


Note: Get a list of all edited vulnerabilities. 


Static Search Lists 
/api/2.0/fo/gid/search_list/static/ 


List Static Search Lists: (GET + POST) 
action={list}& 
echo_request={0|1}& 
ids={id1,id2...}& 


Create Static Search List: (POST) 


action={create}& 
echo_request={0|1}& 
title=(value) & 
gids={num1,num2...}& 
global={0|1}& 
comments={value}& 


Update Static Search List: (POST) 
action={update}& 
echo_request={0|1}& 
id={value}& 
title={value}& 
gids={num1,num2...}& 
add_gids={num1,num2...}& 
remove_gids={num1,num2...}& 
global={0|1}& 
comments={value}& 


Delete Static Search List: (POST) 
action={delete}& 
echo_request={0|1}& 
id={value}& 

Dynamic Search Lists 

/api/2.0/fo/qid/search_list/dynamic/ 
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ids={id1,id2...}& 

show_qids={0|1}& 
show_option_profiles={0|1}& 
show_distribution_groups={0|1}& 
show_report_templates={0|1}& 
show_remediation_policies={0|1}& 


Create Dynamic Search List: (POST) 


action={create}& 

echo_request={0|1}& 

title=[value}& 

global={0|1}& 

comments={value}& 

Criteria for Dynamic Search List (below) 


Update Dynamic Search List: (POST) 


action={update}& 

echo_request={0|1}& 

id={value}& 

title={value}& 

global={0|1}& 

comments={value}& 
unset_user_modified_date={empty value}& 
unset_published_date={empty value}& 
unset_service_modified_date={empty value}& 
Criteria for Dynamic Search List (below) 


Criteria for Dynamic Search List: 


vuln_title=(value}& 
not_vuln_title={0|1}& 
discovery_methods={value}& 
auth_types={value}& 
user_configuration={value}& 
categories={value}& 
not_categories={0|1}& 
confirmed_severities={value}& 
potential_vulnerabilities={value}& 
ig severities=[{value}& 
vendor_ids={value}& 
not_vendor_ids={0|1}& 
products={value}& 
not_products={0|1}& 
cvss_base={value}& 
cvss_base_operand={1|2}& 
cvss_temp={value}& 
cvss_temp_operand={1|2}& 


cvss_access_vector={value}& 
cvss3_base={value}& 
cvss3_base_operand={1|2}& 
cvss3_temp={value}& 
cvss3_temp_operand={1|2}& 
cvss_access_vector={value}& 
patch_available={0|1}& 
virtual_patch_available={0|1}& 
cve_ids={value}& 
not_cve_ids={0|1}& 
exploitability={value}& 
malware_associated={value}& 
endor_refs={value}& 
ot_vendor_refs={0|1}& 
ugtraq_id={value}& 
ot_bugtraq_id={0|1}& 
uln_details={value}& 
ompliance_details={value}& 
ompliance_types={value}& 
ualys_top_lists={value}& 
ids_not_exploitable={0|1}& 
non_running_services={0|1}& 
sans_20={0|1}& 
nac_nam={0|1}& 
vuln_provider={0|1}& 
user_modified_date_between={value}& 
user_modified_date_today={0|1}& 
user_modified_date_in_previous={value}& 
user_modified_date_within_last_days={value} 
& 
not_user_modified=(0|1}& 
service modified_date_between={value}& 
service modified_date_today={0|1}& 
service modified date in_previous={value}& 
service modified date within last days=(valu 
e) 8z 
not_service_modified={0|1}& 
published_date_between={value}& 
published_date_today={0|1}& 
published_date_in_previous={value}& 
published_date_within_last_days={value}& 
not_published={0|1}& 
supported_modules={value}& 


< 


gq 0085 


Q 


+9 Q 


Delete Dynamic Search List: (POST) 
action={delete} & 
echo_request={0|1}& 
id={value}& 
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Reports 


Manage Reports 
/api/2.0/fo/report/ 


List Reports: (GET + POST) 
action={list}& 
echo_request={0|1}& 
id={value}& 
state={Running|Finished|Submitted] 
Canceled|Errors}& 
user_login={login}& 
expires_before_datetime={date/time}& 
client_id= {value}& 
client_name={value}& 


Manage Reports: (POST) 


action={cancel|delete}& 
echo_request={0|1}& 
id={value}& 


Download Report: (POST) 


action={fetch}& 
echo_request={0|1}& 
client_id= {value}& 
client name=f{value}& 


Launch Report 
/api/2.0/fo/report/ 


Launch Report (all types): (POST) 


action={launch}& 

echo _request={0|1}& 
template_id={value}& 
report_title={value}& 
pdf_password={passwd}& 
recipient_group={group, group... 50 max}& 
hide_header={0|1}& 
use_tags=(0|1} 
tag_include_selector={alljany}& 
tag_exclude_selector={alllany}& 
tag_set_by={id|jname}& 
tag_set_include={value}& 
tag_set_exclude={value}& 
recipient_group_id={value}& 


Map Report: 


report_type={Map}& 
echo_request={0|1}& 
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output_format={pdf/html|mht|xml|csv|docx}& 
domain={value}& 

ip_restriction={value}& 

report_refs={value}& 


Scan Report (Scan Based Findings): 
report_type={Scan}& 
echo_request={0|1}& 
output format=(päf|html|mht|xml|csv) 
report refs=(ref ref...) 
ip_restriction={value}& 


Scan Report (Host Based Findings): 
report_type={Scan}& 
echo_request={0|1}& 
output_format={pdf/html|mht|xml|csv}& 
ips={value}& 
ips_network_id={id}& 
asset_group_ids={id,id...}& 


Qualys Patch Report: 
echo_request={0|1}& 
output_format={pdfjonline|xml|csv}& 
ips={value}& 
asset_group_ids={id,id...}& 


Remediation Report: 
report_type={Remediation}& 
echo_request={0|1}& 
output_format={pdf/html|mht|csv}& 
asset_group_ids={id,id...}& 
assignee_type={User|All}& 
ips={value}& 


Compliance Report: 
report_type={Compliance}& 
echo_request={0|1}& 
output_format={pdf|html|mht}& 


Notes: “mht” is not valid for PCI report. 
ips={value}& 
asset_group_ids={id,id...}& 
report_refs={ref,ref...}& 

Notes: “report_refs” is required for a PCI report, 

and not valid for other compliance reports. 


Compliance Policy Report: 
report_type={Policy}& 
echo_request={0|1}& 
output_format={pdf/html|mht|xml|csv}& 


policy_id={value}& 
asset_group_ids={value}& 
ips={value}& 
instance_string={value} 
host_id={value} 
instance_string={value} 


Scorecard Report 
/api/2.0/fo/report/scorecard/ 


Launch Scorecard: (POST) 


action={launch}& 

echo_request={0|1}& 

name={value}& 

report_title={value}& 
output_format={pdf|html|mht|xml|csv}& 
hide_header={0|1}& (for CSV only) 
pdf_password={passwd)& 
recipient_group=(group,group... 50 max}& 
recipient_group_id={distgroup1,distgroup2}& 
source={asset_groups|business_unit}& 
asset_groups=(value,value...)8z 
all_asset_groups={0|1}& 
business_unit={value}& 

division={value}& 

function={value}& 

location= 
patch_quids={gid,gid...}& (10 max) 
missing _qids={qid,qid}& (2 max) 


< 
3 
PD, 
G 
T 
Ro 


Scheduled Report 

/api/2.0/fo/schedule/report/ 

List Scheduled Reports: (GET) 
action=(list)8 


id={value}& 
is_active={true|false}& 


Launch Scheduled Report: (POST) 
action={launch_now}& 


id={value}& 
Asset Search Report 
/api/2.0/fo/report/asset/ 


Asset Search Report: (GET + POST) 


action={search}& 
output_format={csv|xm]}& 


tracking method={IP|DNS| 


NETBIOS|EC2|AGENT}& 


ips={value}& 

ips_network_id={value}& 
asset_group_ids={value}& 
asset_groups={value}& 
assets_in_my_network_only={0|1}& 

ec2 instance status=(RUNNING 
[TERMINATED | PENDING | STOPPING | 
SHUTTING. DOWN | STOPPED}& 

*ec2 instance id=(value)8 

*ec2 instance id modifier=(value)8x 
azure vm. state=(STARTING | RUNNING | 
STOPPING | STOPPED, DEALLOCATING, 
DEALLOCATED, 

UNKNOWN }& 

azure_vm_id={value}& 


display. ag titles={0|1}& 
ports={value}& 

services={value}& 

qids={value}& 
gid_with_text={value}& 
gid_with_modifier={beginning with] 


containing|matchinglending with}& 


con 


con 


use_tags={0|1}& 
tag_set_by={id|jname}& 


+ 


cont 


con 


BOOM OOM 55 
rI 


tag_include_selector= 
tag_exclude selector= 


tag_set_include=fvalue 
tag_set_exclude={value 


first_found_days={val 


first_found_modifier= 


anylall}& 
anylall}& 
& 
& 


== 


== 
== 


ue}& 
{within|not within) & 


last_vm_scan_days={value}& 
last_vm_scan_modifier={within|not within}& 
last_pc_scan_days={value}& 
last_pc_scan_modifier=[within|not within}& 


dns_name={value}& 
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modifier=fbeginni 
g|matchinglending with|not empty}& 
name={value} 
os_modifier={beginning with| 
tchinglending with|not empty}& 
me=({value}& 
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Notes: *ec2_instance_id_modifier is valid only 
when 
*ec2_instance_id is specified 


Report Templates 


Scan Template 


Create Scan Template (POST) 
/api/2.0/fo/report/template/scan/ 


action=create 

report_format=xml 

title=[value}& 

owner={value}& 

Target 
scan_selection={HostBased|ScanBased}& 
include_trending={0|1}& 
limit_timeframe={0|1}& 
selection_type={day|month|weeks|date|none|s 
cans}& 
selection_range={1|3|5|7|15/30|60|90} & 
asset_groups={value}& 
asset_group_ids={value}& 
network={value}& 

ips={value}xm]}& 

tag_set_by={namelid}& 


tag_include_selector={ALL|ANY}& 
tag_set_include={value}& 
tag_exclude_selector={ALL|ANY}& 
tag_set_exclude={value}& 
host_with_cloud_agents= {all|scan|agent}& 
display_text_summary={0|1}& 
graph_business_risk={0|1}& 
graph_vuln_over_time={0|1}& 
graph_status={0|1}& 
graph_potential_status={0|1}& 
graph_severity={0|1}& 

Display 
graph_potential_severity={0|1}& 

graph ig severity={0|1}& 

graph. top. categories=/(0[1) 8 

graph top vulns=(0/1)8£ 

graph_os={0|1}& 

graph_services={0|1}& 
graph_top_ports={0|1}& 
display_custom_footer={0|1}& 
display_custom_footer_text={value}& 
sort_by={host|vulnjos|group|service|port} & 
cvss={all|cvssv2|cvssv3}& 
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hos 


Q 
HA 


AO AAA O OOO AO TA 


G 
Dv 
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t_details={0|1}& 


metadata_ec2_instances={0|1}& 
oud. provider metadata={0|1}& 


ys system ids=/(0[1) 8 
ude text summary={0|1}& 
ude_vuln_details={0|1}& 

ude_v details_threat={0|1}& 
ude vuln details impact={0|1}& 
ude v details_solution={0|1}& 
ude vuln details vpatch=(0]1)8 


ude_v 
ude_v 
ude_v 
ude_v 


_details_exploit={0|1}& 

details_malware=(0|1}& 

_details_results={0|1}& 
details_reopened={0|1}& 


558558585585558552 


C 
exc 


Filters 


u 
u 
u 
u 
ude_vu 
u 
u 
u 
u 
u 


SPE 12109 491 15 ee 
oa 
oO 
+ 
ow 


ude_v 
lude_ac 


_details_appendix={0|1}& 


(3: 
O 
E 
> 
dF 
Jie 
Q 
E 
is 
¿E 
Re 


selective_vulns={complete|custom}& 


sea 
exc 
exc 


rch_list_ids={value}& 
lude_gid_option={0|1}& 
lude_search_list_ids={value}& 


included_os={value}& 


< 


pot 
pot 
pot 


status_new={0|1}& 
status_active=(0|1}& 
status_reopen={0|1}& 
status_fixed=(0|1}& 
vuln_active={0|1}& 
V 


uln_disabled={0|1}& 
uln_ignored={0|1}& 


ential_active={0|1}& 
ential_disabled={0|1}& 
ential_ignored={0|1}& 


ig active={0|1}& 
ig disabled={0|1}& 


ig i 


gnored={0|1}& 


display non running kernels=(0|1}& 


exc 
exc 


exc 


ude non running kernel=(0/1)8 
ude non running services=(0|1}& 


tion={0|1}& 
ude_superceded_patches={0|1}& 


categories_list={value}& 
Services and Ports 


req 


uired_services={value}& 


unauthorized_services={value}& 


req 


uired_ports={value}& 


unauthorized_ports={value}& 
User Access 


ils_compliance={0|1}& 


ude gids not exploitable due to config 


global= 


(011)8 


report_access_users={value}& 


Update Scan Template (PUT) 
/api/2.0/fo/report/template/scan/ 


template_id={value}& 
action=update 
report_format=xml& 
Delete Scan Template (POST) 
/api/2.0/fo/report/template/scan/ 


action=delete 
template_id={value}& 


Export Scan Template (GET) 
/api/2.0/fo/report/template/scan/ 


action=export 
report_format=xml 


template_id={value}& 


PCI Scan Template API 


Notes: Go to Scan Template API. The same 
parameters used to define PCI Scan Template 
settings. All parameters (all are optional).In 
addition the following parameters are used. 


Create PCI Scan Template (POST) 
/api/2.0/fo/report/template/pciscan/ 


action=create 
report_format=xml 


ustom 
ustom 


ustom 
8|9/10 
ustom 
ustom 


O O SIO OO O 


ts={<search list 1 


<comm 


ized_rank 
}& 


_pci_ranki 
ized_ranki 
6|7|8|9|10} & 


ized_ranki 
ized_ranki 
d1/namel> | <SEVERITY> | 
ents>,<search list id2/name2> | 


n 
n 


n 


n 


g=(0|1}& 
g medium_from={0|1|2|3|4| 


g high from={0|1|2|3|4|5|6| 


g comments={value}& 
g gid searchlist commen 


SEVERITY> | <comments>}& 


Update PCI Scan Template (PUT) 
/api/2.0/fo/report/template/pciscan/ 


action=update 
report_format=xml 
template_id={value}& 


Delete PCI Scan Template (POST) 
/api/2.0/fo/report/template/pciscan/ 


action=delete 
template_id={value}& 


Export PCI Scan Template (GET) 
/api/2.0/fo/report/template/pciscan/ 


action=export 
report_format=xml 
template_id={value}& 


Patch Template 


Create Patch Template (POST) 
/api/2.0/fo/report/template/patch/ 


action=create 

report_format=xml 

title={value}& 

owner={value}& 

Target 

patch_evaluation={gidbased|classic}& 
asset_groups 

asset_group_ids={value}& 
tag_set_by={namelid}& 
tag_include_selector={ALL|ANY}& 

tag set _exclude={value}& 

tag exclude_selector={ALL|ANY}& 
network={value}& 

ips={value}& 

Display 

group_by={HOST|PATCH|OS|AG}& 
include_table_of_qids_fixed={0|1}& 
include_patch_links={0|1}& 
include_patches_from_unspecified_vendors={ 
0/12 
include_cloud_metadata=(0|1}& 
patch_severity_by={assigned|highest}& 
patch_cvss_score_by={assigned|highest| 
none}& 

cvss={all|cvssv2|cvssv3}& 
display_custom_footer={0|1}& 
display_custom_footer_text={value}& 
exclude_account_id={0|1}& 

Filters 
selective_vulns={complete|custom}& 
search list ids={value}& 
exclude_qid_option=(0/1)8 
exclude_search_list_ids={value}& 
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display_non_running_kernels={0|1}& 

exclude non running kernel={0|1}& 

exclude non running services={0|1}& 
exclude gids not exploitable due to config 
uration={0|1}& 
selective_patches={complete|custom}& 
exclude_patch_qid_option={0|1}& 
patch_search_list_ids={value}& 
exclude_patch_search_list_ids={value}& 
found_since_days={7|30|90|365|NoLimit}& 
User Access 

global={0|1}& 
report_access_users={value}& 


+ 


Update Scan Template (PUT) 
/api/2.0/fo/report/template/patch/ 
action=update 
report format=xml 
template_id={value}& 
Delete Scan Template (POST) 
/api/2.0/fo/report/template/patch/ 
action=delete 
template_id={value}& 
Export Scan Template (GET) 
/api/2.0/fo/report/template/patch/ 


action=export 
report_format=xml 
template_id={value}& 


Map Template 


Create Map Template (POST) 
/api/2.0/fo/report/template/map/ 


action=create 
report_format=xml 
title={value}& 
wner={value}& 
lobal=(0/1)8 
isplay 
ap_sort_by={ipaddress|dns|netbios|router|o 
ratingsystem}& 
ap_related_info_lastscandate={0|1}& 
ap_related_info_assetgroups={0|1}& 
ap_related_info_authenticationrecords={0|1 


ga O 


HH EU HO 


ES 


3 


ap_related_info_discoverymethod={0|1}& 
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splay_custom_footer={0|1}& 
splay_custom_footer_text={value}& 
ap_exclude_account_id={0|1}& 

Iters 


ap uded_hostt 


uded_hostt 
uded_hostt 


v oOo 9 
2) 
DRD OO 


e y 

e y 
included_hosttypes_live={0|1}& 
nc > 

e y 


a 
ap_included_hosttypes_rogue={0|1}& 
cluded Discovery Methods 
ap_idm_tcp={0|1}& 

ap_idm_udp={0|1}& 

ap_idm_traceroute={0|1}& 
ap_idm_other={0|1}& 
a 
a 
a 
c 
a 
a 


p_idm_dns={0|1}& 
p_idm_icmp=({0|1}& 
p_idm_auth={0|1}& 

uded Status Levels 
p_included_statuses_added={0|1}& 


SS8S8S8S8888 S88 R858 RP88888 78 Be 


m 
m 
map_included_statuses_active={0|1}& 


- 


ncluded_os={value}& 
Update Map Template (PUT) 
/api/2.0/fo/report/template/map/ 
action=update 
report_format=xml 
template_id={value}& 
Delete Map Template (POST) 
/api/2.0/fo/report/template/map/ 
action=delete 
template_id={value}& 
Export Map Template (GET) 
/api/2.0/fo/report/template/map/ 


action=export 
report_format=xml 
template_id={value}& 


pes_innetblock={0|1}& 
uded_hosttypes_scannable={0|1}& 


pes_approved={0|1}& 
pes_outofnetblock={0|1} 


ap included hosttypes_notscannable={0|1} 


p included hosttypes notlive=(0[1)8 


p included statuses removed=/(0[1)8 


dns_exclusions={none|DNS|DNS-DNSZone}& 


Remediation 


ticket_list.php? (GET + POST) 


{ticket-selection} 
show_vuln_details={0|1}& 


ticket_edit.php? (GET + POST) 
{ticket-selection} 
change_assignee={login}& 
change_state={OPEN|RESOLVED|IGNORED} 
reopen_ignored_days={value}& 
add_comment={value}& 
network_id={value}& 


ticket_delete.php? (GET + POST) 
{ticket-selection} 


{ticket-selection}: 


ticket_numbers={num,range...}& 
since ticket number={num}& 


un 


til_ticket_number={num}& 


ticket_assignee=(login}& 
overdue={0|1}& 
invalid={0|1}& 
states={OPEN|RESOLVED|CLOSED] 
IGNORED}& 
modified_since_datetime={date/time}& 
ips=(ip,range...}& 
asset_groups={value,value...}& 


dn 
ne 
vu 


s_contains={string}& 
tbios_contains={string}& 
n_severities={1,2,3,4,5}& 


potential_vuln_severities=(1,2,3,4,5)8 
qids=(value,value... 10 max}& 


vu 
vu 


n_title_contains={string}& 
n_details_contains={string}& 


vendor_ref_contains={string}& 


ne 


ticket 
tic 
sin 
un 
de 
de 


twork_id={value}& 


list_deleted.php? (GET + POST) 


ket_numbers={num,range...}& 

ce ticket number={num}& 
til_ticket_number={num}& 
eted_since_datetime={date/time}& 


Ignor 


eted_before_datetime={date/time}& 


e Vulnerability 


/ignore_vuln/index.php (GET +POST) 
action=fignore|restore}& 
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gids={value,value... 10 max}& 
comments={value}& 
*)asset_groups={value,value...}& 
Sips=fip,range...}& 

tag set_include={value}& 
tag set_exclude={value}& 
tag set _by={idname}& 
tag include_selector={allJany}& 
tag exclude_selector={alljany}& 

use ip nt range tags include={0|1}& 
use ip nt range tags exclude=/(0|1)8 
dns_contains={string}& 
netbios_contains={string}& 
reopen_ignored_days={1-730}& 
reopen_ignored_date={date}& 
network_id={value}& 


Notes: One of these (*) is required 


RT RT RT RT RT RT XX 


Compliance Info 


Controls / Policies 


List Controls: (GET + POST) 
/api/2.0/fo/compliance/control/ 
action={list}& 
echo_request={0|1}& 
details={Basic|All|None}& 
ids={id,range...}& 
id_min={id}& 
id_max={id}& 
updated_after_datetime={date/time}& 
created_after_datetime={date/time}& 
truncation_limit={value} 


List Policies: (GET + POST) 
/api/2.0/fo/compliance/policy/ 
/api/2.0/fo/compliance/fdcc/policy/ 
action={list}& 
echo_request={0|1}& 
details={Basic|All|None}& 
ids={id,range...}& 
id_min=fid}& 
id_max={id}& 
updated_after_datetime={date/time}& 
created_after_datetime={date/time}& 


Policy Export: (GET + POST) 
/api/2.0/fo/compliance/policy/ 
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action=export& 
echo_request={0|1}& 
id={value}& -or- title={value}& 
show_user_controls={0|1}& 
show_appendix = {0|1} 

IS CONTROL DISABLE 


Policy Import: (POST) 
/api/2.0/fo/compliance/policy/ 


action=import& 
echo_request={0|1}& 
xml_file& 

title=[value}& 
create_user_controls={0|1}& 


Policy - Manage Asset Groups: (POST) 
/api/2.0/fo/compliance/policy/ 


action={add_asset_group_ids| 
set_asset_group_ids|remove_asset_group_ids}& 

echo_request={0|1}& 

id={value}& 

asset_group_ids={value}& 

evaluate_now=(0|1}& 


Policy - Manage Asset Tags: (POST) 
/api/2.0/fo/compliance/policy/ 


action={add_asset_tags| 
set_asset_tags|remove_asset_tags}& 

id={value}& 

evaluate_now={0|1}& 

tag include_selector=(all| any}& 

tag_exclude_selector={all |jany}& 

tag_set_by={id|jname}& 

tag set include=!tag id|jname}& 

tag set_exclude=[tag idjname} 


List Posture Info: (GET + POST) 
/api/2.0/fo/compliance/posture/info/ 


action={list}& 

policy_id={id} or policy_ids={id1,id2,...}& 
echo_request={0|1}& 
output_format={xml|csv|csv_no_metadata} 
details={Basic|Light|All|None}& 
hide_evidence={0|1}& 
show_extended_evidence={0|1}& 
ips={ip,range...}& 

host_ids={id,id...}& 

control_ids={id,id...}& 
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ids={id,range...}& 
id_min={id}& 
id_max={id}& 


status_changes_since={date/time}& 


evaluation_date={date/time}& 
asset_group_ids={value} 
status={Passed|Failed|Error}& 
show_remediation_info={0|1}& 
truncation_limit={value}& 
cause_of_failure={0|1}& 
criticality_labels={value}& 
criticality_values={value}& 
include_dp_name={value}& 

tag set_by={idname}& 

tag include_selector=(alllany)8 
tag_exclude_selector={alllany}& 
tag_set_include={value}& 
tag_set_exclude={value}& 
filter_hosts={0|1}& 


Notes: Up to 10 policies for “policy_ids”. 


Policy Merge: (GET + POST) 
/api/2.0/fo/compliance/policy/ 
action={merge}& 
id={id}& 


merge_policy_id={id} or {policy XML data}& 


replace_cover_page={0|1}& 
replace_asset_groups={0|1}& 
add_asset_groups={0|1}& 
add_new_technologies={0|1}& 
add_new_controls={0|1}& 
update _section_heading={0|1}& 
update existing controls={0|1}& 
preview_merge=(0|1}& 


Exceptions 


List Exceptions: (GET + POST) 
/api/2.0/fo/compliance/exception/ 


action=(list}& 
exception_number={value}& 
ip={value}& 
network_name={value}& 
status={value}& 
control_id={value}& 
control_statement={value}& 
policy_id={value}& 


technology_name={value}& 
assignee_id={value}& 
created_by={value}& 
modified_by={value}& 
details={Basic|All|None}& 
is_active={O|1}& 
created_after_date={mm/dd/yyyy}& 
updated_after_date={mm/dd/yyyy}& 
expired_before_date={mm/dd/yyyy}& 
expired_after_date={mm/dd/yyyy}& 
exception_numbers={value}& 
exception_number_min={value}& 
exception_number_max={value}& 
truncation_limit={value}& 


Request Exceptions: (POST) 
/api/2.0/fo/compliance/exception/ 


action={request}& 
control_id={value}& 
host_id={value}& 
policy_id={value}& 
technology_id={value}& 
instance_string={value}& 
assignee_id={value}& 
comments={value}& 
reopen_on_evidence_change={0|1}& 


Update Exceptions: (POST) 
/api/2.0/fo/compliance/exception/ 


action={update}& 
exception_numbers=({value}& 
comments={value}& 

reassign _to={value}& 
reopen_on_evidence_change={0|1}& 
status={Pending|Approved|Rejected}& 
end_date={mm/dd/yyyy}& 


Delete Exceptions: (POST) 
/api/2.0/fo/compliance/exception/ 


action={delete}& 
exception_numbers={value}& 
ARF Report 
SCAP Scan Results: (GET + POST) 
/api/2.0/fo/compliance/scap/arf/ 


scan_id={id}& 
ips=({ip,range...}& 
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ips_network_id={value}& 


Cyberscope Report 


SCAP Scan Results: (GET + POST) 
/api/2.0/fo/asset/host/cyberscope/fdcc/scan/ 


scan_id={id}& 

scan_ref={ref}& 
ips={ip,range...}& 

organisation namel={name1}& 
organisation name2={name2}& 
organisation name3={name3}& 


Notes: “scan_id” or “scan_ref is required. 


SCAP Policy Results: (GET + POST) 
/api/2.0/fo/asset/host/cyberscope/fdcc/policy/ 


policy_id={id}& 
ips=({ip,range...}& 
ag ids=fid,id...}& 
organisation_namel={name1}& 
organisation_name2={name2}& 
organisation_name3={name3}& 
Notes: All FDCC scanned hosts for the FDCC 
policy are included unless the filters “ip” and/or 
“ag ids” are specified. 


SCAP Global Results: (GET + POST) 
/api/2.0/fo/asset/host/cyberscope/ 


ips=({ip,range...}& 
ag ids=fid,id...}& 
organisation namel={name1}& 
organisation name2={name2}& 
organisation name3={name3}& 


Notes: “ips” or “ag ids” is required. VM scan data 
is reported in the datapoint <sr:DataPoint id: 
"vulnerability_managment_product_vulnerabilitie 
s”> 

SCAP Policy List: (GET + POST) 


/api/2.0/fo/compliance/fdcc. policy/ 
action={list}& 
echo_request={0|1} 
details={Basic|All|None} 
ids={value} 
id_min={value} 
id_max={value} 
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Users 


user.php? (GET + POST) 
Add User: 


action={add}& 

send_email={0|1}& 
user_role={manager|unit_manager|scanner| 
reader|contact|administrator}& 
business_unit={Unassigned[{value}}& 


Edit User: 


action={edit}& 
login={login}& 


Permissions Info (Add or Edit User): 


asset_groups={value,value...}& 


Notes: 1) “asset_groups” applies only to Scanner, 
Reader and Contact. 


General Info (Add or Edit User): 


first_name={value}& 
last name={value}& 
title={value}& 
phone={value}& 
fax={[value}& 
email={value}& 
address1={value}& 
address2={value}& 
city={value}& 
country={value}& 
state={value}& 
zip_code={value}& 
external_id={value}& 
time_zone_code={code or null to set to 
browser's timezone}& 


Notes: 1) Required contact info for add request in 
bold above. For edit request, all contact info is 
optional. 2) “state” is required for some country 
codes. 
Activate/Deactivate Request: 
action={activate|deactivate}& 
login={login}& 
user_list.php? (GET + POST) 


external_id_contains={string}& 
external_id_assigned={0|1}& 
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action_log_report.php? (GET POST) 


date_from={date/time}& 
date_to={date/time}& 
user_login={login}& 


password_change.php? (GET POST) 


user logins={login,login...|all}& 
email={0|1}& 


Activity Log v2 
(/api/2.0/fo/activity_log/) 


Export user activity log (GET + POST) 
action={list}& 

user_action={value}& 

action details=(user logged injuser logged 

out) x 

username={value}& 

user_role={Manager|Unit 

Manager|Auditor|Scanner|Reader|KnowledgeB 

ase Only|Remediation User|Contact}& 

since_datetime={YYYY-MM-DD HH:il:ss)8z 

until datetime=(YYYY-MM-DD HHiii:ss}& 

output format=CSV 


PS 


truncation_limit={value}& 
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Activity Log v1 


action_log_report.php Function 

(/msp/action_log report.php) 
action=(list}& 
date_from={YYYY-MM-DD HHiii:ss} 
date_to=[YYYY-MM-DD HHiii:ss} 
user_login={value} 


Cloud Agent API 


Use these API calls to manage, activate, and 
configure your cloud agents. 


Agent Management | Activation Key | Configuration 
Profile 


Looking for more information? 
Qualys Cloud Agent API User Guide 


Agent Management 


Current agent count 
/qps/rest/2.0/count/am/hostasset (POST) 


Filters (optional): 

id (Long) 

name (String) 

created (Date) 

updated (Date) 

tagName (String) /Cloud Agent 


Notes: To get a count of agents installed, nothing 
other than the filter tagName EQUALS Cloud 
Agent is recommended. The more filters added to 
the request will result in a more refined count. 


List agents 


/qps/rest/2.0/search/am/hostasset (POST) 


Required: 
tagName (String) /Cloud Agent 


Optional: 
Click here for AM and Tagging API User Guide 


Activate a single agent 


/qps/rest/2.0/activate/am/asset/<id>?module= 
<value>,<value>(POST) 


*see module parameter values 


Activate agents in bulk 


/qps/rest/2.0/activate/am/asset?module=<value>, 


<value> (POST) 


*see module parameter values 
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Filters (optional): 

id (Long) 

name (String) 

created (Date) 

updated (Date) 

tagName (String) /Cloud Agent 


Notes: To activate all agents installed, nothing 
other than the filter tagName EQUALS Cloud 
Agent is recommended. The more filters added to 
the request we'll activate a more refined list of 
agents. 


Deactivate a single agent 
/qps/rest/2.0/deactivate/am/asset/<id>?module= 
<value>,<value> (POST) 


*see module parameter values 


Deactivate agents in bulk 
/qps/rest/2.0/deactivate/am/asset?module= 
<value>,<value> (POST) 
*see module parameter values 

Filters (optional): 

id (Long) 

name (String) 

created (Date) 


updated (Date) 
tagName (String) /Cloud Agent 


Notes: To deactivate all agents installed, nothing 
other than the filter tagName EQUALS Cloud 
Agent is recommended. The more filters added to 
the request we'll deactivate a more refined list of 
agents. 


*module parameter values 
These values are supported: 
AGENT_VM - for VM module 
AGENT_PC - for PC module 
AGENT_FIM - for FIM module 
AGENT_IOC - for IOC module 


Qualys API Quick Reference Guide 
Cloud Agent API 


Uninstall a single agent 
/qps/rest/2.0/uninstall/am/asset/<id> (POST) 


Uninstall agents in bulk 


/qps/rest/2.0/uninstall/am/asset (POST) 


Filters (op 
id (Long) 
name (String) 

created (Date) 

updated (Date) 

tagName (String) /Cloud Agent 


tional): 


Notes: The use of NOT EQUALS operator is not 
supported during agent uninstall. This is to avoid 
unintended consequences of Tags and Assets 
being deleted or updated. 


Activation Key 


Get a single activation key 
/qps/rest/1.0/get/ca/agentactkey/<id> (GET) 


Search activation keys 


/qps/rest/1.0/search/ca/agentactkey/ (POST) 


Filters (optional): 

type (string) 
countPurchased (Integer) 
expireDate (Date) 
modules (string) 

tags (string) 

isDisabled (boolean) 


Create an activation key 
/qps/rest/1.0/create/ca/agentactkey/ (POST) 


Filters (optional): 

type (string) 
countPurchased (Integer) 
expireDate (Date) 
modules (string) 

tags (string) 


Delete an activation key 
/qps/rest/1.0/delete/ca/agentactkey/<id> (POST) 


Update an activation key 


/qps/rest/1.0/update/ca/agentactkey/<id> (POST) 


Filters (optional): 

id (Integer) 

type (string) 
countPurchased (Integer) 
expireDate (Date) 
modules (string) 

tags (string) 

isDisabled (boolean) 
applyOnAgents (boolean) 


Configuration Profile 


Get a single configuration profile 
/qps/rest/1.0/get/ca/agentconfig/<id> (GET) 


Search configuration profiles 


/qps/rest/1.0/search/ca/agentconfig/ (POST) 


Filters (optional): 
name (string) 
id (Integer) 


Create a configuration profile 


/qps/rest/1.0/create/ca/agentconfig/ (POST) 


Filters (optional): 
name (string) 
description (string) 
priority (Integer 
isDefault (Integer) 
suspendScanning (boolean) 
tags (string) 
blackoutConfig (string) 
performanceProfile (string) 
id (Integer) 


Delete a configuration profile 
/qps/rest/1.0/delete/ca/agentconfig/<id> (POST) 
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Update a configuration profile 


/qps/rest/1.0/update/ca/agentconfig/ (POST) 


Filters (optional): 
name (string) 
description (string) 
priority (Integer 
isDefault (Integer 
suspendScanning (boolean) 
tags (string) 
blackoutConfig (string) 
performanceProfile (string) 
id (Integer) 


— 
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Asset Management & 
Tagging API 


Use these API calls to manage assets, tags and 
access to your assets. 


Networks | Assets| Asset Groups | Tag | Host Asset | 
Asset | Host Instance Vulnerability | Asset Data 
Connector | Asset Data Connector | AWS Asset Data 
Connector | AWS Authentication Record 

Looking for more information? 

Qualys API (VM, PC) User Guide 

Qualys API (VM, PC) XML/DTD Reference 

Qualys Asset Management & Tagging API User Guide 


Networks 
/api/2.0/fo/network/ 


Network List: (GET + POST) 
action={list}& 
echo_request={0|1}& 
ids=fid1,1d2...}& 


Network: (POST) 


action={create|update}& 
name={value}& 
echo_request={0|1}& 


Assets 


IP Assets 
/api/2.0/fo/asset/ip/ 


List IPs: (GET + POST) 
action={list}& 
echo_request={0|1}& 
ips={ip,range...}& 
tracking_method={IP|DNS|NETBIOS}& 
compliance_enabled={0|1}& 
network_id={id}& 
certview_enabled={0|1} 


Add IPs: (POST) 


action={add}& 
echo_request={0|1}& 
ips={value} -or- {POSTed CVS raw data}& 
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tracking _method={value}& 
enable_vm={0|1}& 
enable_pc={0|1}& 
owner={value}& 

ud1 | ud2 | ud3={value}& 
comment={value}& 
ag_title={value}& 


Update IPs: (POST) 
action={update}& 
echo_request={0|1}& 
ips={value} -or- (POSTed CVS raw data}& 
network_id={value}& 
tracking_method={value}& 
host_dns={name} -or- host_netbios={name}& 
owner={value}& 
ud1=(value}& 
ud2={value}& 
ud3={value}& 
comment={value}& 


Host Assets 
/api/2.0/fo/asset/host/ 


Host List: (GET + POST) 

action={list}& 

echo_request={0|1}& 

details={Basic|Basic/AGs|All|All/AGs|None}& 

show. asset id=(0/1)8 
ips=(ip,range...)8x 
ipv6={ip,range...}& 
ids={id,range...}& 
ag_ids={value,value...}& 
ag_titles={value,value...}& 
id_min={id}& 
id_max={id}& 
no_vm_scan_since={date/time}& 
vm_scan_since={date/time}& 
no_compliance_scan_since={date/time}& 
compliance_scan_since={date/time}& 
vm_processed_before={date}& 
vm_processed_after={date}& 
vm_scan_date_before={date}& 
vm_scan_date_after={date}& 
vm_auth_scan_date_before={date}& 
vm_auth_scan_date_after={date}& 
compliance_enabled={0|1}& 
os_pattern={PCRE regex}& 
use_tags={0|1}& 


Qualys API Quick Reference Guide 
Asset Management & Tagging API 


tag_set_by={id|jname}& 
tag_include_selector={alljany}& 
tag_exclude_selector={alljany}& 
tag_set_include={value}& 
tag_set_exclude={value}& 
show_tags={0|1}& 
truncation_limit={value}& 
network_ids={id1,id2...}& 
host_metadata={alllec2|google|azure}& 
host_metadata_fields=(valuel,value2)8 
show_cloud_tags={0|1}& 


cloud_tag_fields={value}& 


Notes: If compliance_enabled=1 is specified in the 
same request as data_scope, then vulnerability 
and compliance data will both be purged 
regardless of the data_scope value. 


Patch List: (GET) 


host_id={value}& 
output_format={xm]}& 


Host Detection Assets 
/api/2.0/fo/asset/host/vm/detection/ 


Host Detection List: (GET + POST) 
action={list}& 
echo_request={0|1}& 
show_asset_id={0|1}& 

ids={id,range...}& 

id_min={id}& 
ag_ids={value,value...}& Sel ee ja: 

ag_titles={value,value...}& pee 7 E 18 

network_id={value}& 0 ka 

network_name={value}& ag id= Value value. 

t 


* ag titles=fvalue,value...}& 
racking method={value}& use_tags =(0|1}& 


tag_set_by={idjname}& 
tag_include_selector={alllany}& 


+ 


Host Update: (POST) 
action={update}& 
echo_request={0|1}& 
ips=fip,range...}& 
ids={value}& 


ost_dns={value}& 
ost_netbios={value}& 


h 

h 

a E $ tag_exclude_selector={alllany}& 
n 
n 
n 
n 


ew_ud1=lvalue}& tag_set_include=(valuejér 

& tag set exclude={[value}& 
show_tags={0|1}& 
vm_scan_since={date/time}& 
no_vm_scan_since={date/time}& 
max_days_since_last_vm_scan={date|time}& 
compliance_enabled={0|1}& 
os_pattern={PCRE regex}& 
gids={value}& 
severities={value}& 
show_igs={0|1}& 
show_results={0|1}& 
show_reopened_info={0|1}& 
output_format=(XML|CSV] 
CSV_NO_METADATA|CSV_NO_METADATA_ 
MS_EXCEL|CSV_MS_EXCEL}& 


ew_ud2={value} 
ew_ud3={value}& 
ew_comment={value}& 


Purge Hosts: (POST) 
action={purge}& 
echo_request={0|1}& 
*ips=fip,range...}& 
*ids=fid,range...}& 
*ag ids={value,value...}& 
“ag titles={value,value...}& 
no_vm_scan_since={date/time}& 
no_compliance_scan_since={date/time}& 
data_scope={vm|pc|vm,pc}& 


compliance_enabled={0|1}& 
os_pattern={PCRE regex}& 
network_ids={id1,id2...}& 
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suppress_duplicated_data_from_csv={0|1}& 


truncation_limit={value}& 
status={New,Active,Re-Opened,Fixed}& 
‘include search_list_titles={value}& 
*exclude_search list titles={value}& 
“include search list ids=(value)8x 
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*exclude_search_list_ids={value}& tag_exclude_selector={anylall}& 
active_kernels_only={0|1|2|3}& tag_set_by={id|jname}& 
network_ids={id1,1d2...}& tag_set_include={value}& 
dectection_processed_before={date}& tag set_exclude={value}& 
dectection_processed_after={date}& 

detection_updated_before={date}& Notes: “use_tags=1” must be specified with other 
detection updated since=(date) tag filter parameters. 


madame kust prati (Ul escu Hosts Change History: (GET + 
detection_last_tested_since_days={value}& mere 
detection_last_tested_before=(date}& /api/2.0/fo/asset/excluded_ip/history/ 
detection_last_tested_before_days={value}& action={list}& 
host_metadata={all|ec2|google|azure}& echo_request={0|1}& 
host metadata fields=(value1,value2)8 ips={ip,range...}& 
show_cloud_tags={0|1}& ids={id,range...}& 
cloud_tag_fields={value}& id_min={id}& 
filter_superseded_qids={0|1}& id_max={id}& 

Notes: 1) *include/exclude cannot be specified network_id={id}& 

with “qids” or “severities” in same request. Search 

list titles and IDs cannot be included/excluded in Manage Excluded Hosts: (POST) 


the same request. “show_igs” is required if /api/2.0/fo/asset/excluded_ip/ 

included search lists contain only Information action={add|remove]remove_all}& 

Gathered. echo_request={0|1}& 

2) A request with “max days since vm scan” ips=(ip,range...}& 

cannot also include “vm, scan, since” or comment={value}& 

“no vm. scan since”. expiry_days={value}& (for action=add) 

3) A request with dgn lato — action=add) 

“max_days_since_detection_updated” cannot also a (vale) 

include “detected_updated_since”. E i a » 
Notes: “ips” is invalid for “remove all”. 


Excluded Hosts 


Excluded Hosts List: (GET + POST) 
/api/2.0/fo/asset/excluded_ip/ 
action={list}& 


Virtual Host Assets 
/api/2.0/fo/asset/vhost/ 
Virtual Host List: (GET + POST) 


echo_request=(0/1)8: ai 
ips=fip,range...}& i x mo 
network_id=fid}& ip={ip} 

port={port}& 
Filter by asset groups: Virtual Host: (POST) 


ag_ids={value}& 


ag titles={value}& E et add tach 


Notes: “ag ids” and “ag titles” are mutually sche request te 


ve ip={ip}& 
exclusive and cannot be specified together. port=({port}& 
Filter by asset tags: fqdn={fqdn}& 
use_tags={0|1}& Notes: “fgdn” is invalid for “delete fgdn”. 


tag include_selector=(anylall) & 
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IPv6 Host Assets 
/api/2.0/fo/asset/ip/v4_v6/ 


IPv6 Mapping Records List: (GET + POST) 
action={list}& 
echo_request={0|1}& 
id_min={id}& 
id_max={id}& 
ipv4_filter={value}& 
ipv6_network={value}& 
output_format={csv]xml}& 
truncation_limit={value}& 


Notes: Subscription authorization is required. 


Add IPv6 Mapping Records: (POST) 
action={add}& 
echo_request={0|1}& 
csv_data={value}& 

xml _data={value}& 
all_or_nothing={0|1}& 


Notes: Subscription authorization is required to 
use. “csv data” or “xml_data” is required 
Remove IPv6 Mapping Records: (POST) 


action={remove}& 

echo_request={0|1}& 

csv_data={value}& 

xml_data={value}& 
Notes: Subscription authorization is required to 
use. “csv data” or “xml_data” is required 


Restricted IPs 
/api/2.0/fo/setup/restricted_ips/ 


Manage Restricted IPs: (GET + POST) 
action={list|activate|add|delete|replace|clear} 


echo_request={0|1}& 

enable={0|1}& 

ips={value} or CSV raw data upload& 
output_format={CSV|XML} 


Asset Data 


asset_data_report.php? (GET) 


template_title={value}& 
template _id={value}& 
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Notes: one parameter is required 


asset_range_info.php? (GET) 
target ips={ip,range...}& 
target_asset_groups={value,value...}& 


Notes: one or both parameters is required 


get_host_info.php? (GET) 
host_ip={ip}& 
host_dns={hostname}& 
host_netbios={hostname}& 
vuln_severity={1,2,3,4,5|all/none}& 
potential vuln severity=(1,2,3,4,5[alljnone) 8 
ig_severity=({1,2,3,4,5|all[none}& 
general_info={0|1}& 
vuln_details={0|1}& 
ticket_details={0|1}& 


Notes: One of these parameters is required: 
host_ip or host_dns or host_netbios 


Asset Groups 
/api/2.0/fo/asset/group/ 


Asset Group List: (GET + POST) 
action=(list}& 
echo_request={0|1}& 
ids={id,id,id...}& 
id_min={id}& 
id_max={id}& 
truncation_limit={value}& 
network_ids={id,id,id...}& 
unit_id={value}& 
user_id={value}& 
show_attributes={None or All or a comma- 
separated list of: TITLE, OWNER, 
OWNER_USER_NAME, NETWORK_IDS, 
LAST_UPDATE, IP_SET, APPLIANCE LIST, 
DOMAIN_LIST, DNS_LIST, NETBIOS_LIST, 
EC2_ID_LIST, HOST_IDS, USER_IDS, UNIT_IDS, 
BUSINESS_IMPACT, CVSS, COMMENTS} 


Add Asset Group: (POST) 
action={add}& 
echo_request={0|1}& 
title={value}& 
network_id={value}& 
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comments={value}& 

division={value}& 

location={value}& 

function={value}& 
usiness_impact={critical[high|medium]low] 


Dr 


ue}& 

iance_ids={value}& 
default_appliance_id={value}& 
domains={value}& 

dns_names={value}& 
netbios_names={value}& 
cvss_enviro_cdp={high|medium-high|low- 
medium|low|none}& 
cvss_enviro_td={high|medium|low|none}& 
cvss_enviro_cr={high|medium|low}& 
cvss_enviro_ir={high|medium|low}& 
cvss_enviro_ar={high|medium|low}& 


Edit/Delete Asset Group: (POST) 


action={edit}& 

echo_request={0|1}& 

id={value}& 

{Edit only parameters below} 
set_title={value}& 

set_comments={value}& 
set_division={value}& 

set_location={value}& 

set_function={value}& 
set_business_impact={critical|high|medium|lo 


[none }& 
add|remove|set_ips={value}& 

add|removejset appliance ids=(value) 
_default_appliance_id={value}& 
add|remove|set_domains={value}& 
add|remove|set_dns_names={value}& 
add|remove|set_netbios_names={value}& 
set_cvss_enviro_cdp={high|medium-high]low- 
medium|low|none}& 
set_cvss_enviro_td= 
& 
set_cvss_enviro_cr={high|medium|low}& 
set_cvss_enviro_ir={high|mediumllow}& 
set_cvss_enviro_ar={high|medium|low}& 


=> 


high|medium|low|none} 


=> 


Tag 


Get details on a tag 
/qps/rest/2.0/get/am/tag<id> (GET + POST) 
Required: 
id (long) 
Create a tag 
/qps/rest/2.0/create/am/tag (POST) 


Update a tag 
/qps/rest/2.0/update/am/tag/<id> (POST) 
/qps/rest/2.0/update/am/tag (POST) 


Search tags 
/qps/rest/2.0/search/am/tag (POST) 


Filters: 

id (Long) 

name (string) 

parent (long) 

ruleType (STATIC, GROOVY, OS_REGEX, 
NETWORK_RANGE, NAME_CONTAINS, 
INSTALLED_SOFTWARE, OPEN_PORTS, 
VULN_EXIST, ASSET_SEARCH) 


color (string formatted as #FFFFFF where F 
can be any value between color (0-9 and A-F) 


Count tags 
/qps/rest/2.0/count/am/tag (POST) 


Delete tag 
/qps/rest/2.0/delete/am/tag/<id> (POST) 
/qps/rest/2.0/delete/am/tag (POST) 


Evaluate tag 
/qps/rest/2.0/evaluate/am/tag/<id> (POST) 
/qps/rest/2.0/evaluate/am/tag (POST) 
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Get details on a user 
/qps/rest/2.0/get/admin/user<id> (GET + POST) 
Required: 
id (long) 
Search users 
/qps/rest/1.0/search/admin/user (GET + POST) 


Count users 
/qps/rest/2.0/count/admin/user (POST) 


Host Asset 


Get details on a host asset 
/qps/rest/2.0/get/am/hostasset/<id> (GET + POST) 


Required: 
id (long) 


Create a host asset 
/qps/rest/2.0/create/am/hostasset (POST) 


Update host asset 
/qps/rest/2.0/update/am/hostasset/<id> (POST) 
/qps/rest/2.0/update/am/hostasset (POST) 


Search host assets 
/qps/rest/2.0/search/am/hostasset (POST) 


Filters: 

qwebHostld (long) 

lastVulnScan (date) 
lastComplianceScan (date) 
informationGatheredUpdated (date) 
os (string 
dnsHostName (string) 

netbiosName (string) 
netbiosNetworkID (string) 
networdGuid (string) 

trackingMethod (AssetTrackingMethod) 
port (integer) 


x 
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installedSoftware (string) 


Count host assets 
/qps/rest/2.0/count/am/hostasset (GET + POST) 


Delete host asset 
/qps/rest/2.0/delete/am/hostasset/<id> (POST) 
/qps/rest/2.0/delete/am/hostasset/ (POST) 


Activate host asset 


/qps/rest/2.0/activate/am/hostasset/<id>?module 


WEB_VM (POST) 


/qps/rest/2.0/acti 
EB_VM (POST) 


/qps/rest/2.0/activate/am 
=QWEB_PC (POST 


/qps/rest/2.0/acti 
EB_PC (POST) 


vate/am/hostasset?module=QW 


ostasset/<id>?module 


1 
— 


/h 
/h 
/h 
/h 


vate/am/hostasset?module=QW 


Asset 


Get details on an asset 
/qps/rest/2.0/get/am/asset/<id> (GET + POST) 


Required: 
id (long) 


Update asset 
/qps/rest/2.0/update/am/asset/<id> (POST) 
/qps/rest/2.0/update/am/asset (POST) 


Search assets 
/qps/rest/2.0/search/am/asset (POST) 


Filters: 

id (long) 

name (string) 

created (date) 

updated (date) 

type (UNKNOWN. HOST, SCANNER, WEBAPP, 
MALWARE_DOMAIN) 

tagName (string) 

tagld (string) 
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Count assets 
/qps/rest/2.0/count/am/asset (POST) 


Delete asset 
/qps/rest/2.0/delete/am/asset/<id> (POST) 
/qps/rest/2.0/delete/am/asset (POST) 


Activate asset 


/qps/rest/2.0/activate/am/asset/<id>?module=Q 
WEB_VM (POST 


/qps/rest/2.0/activate/am/asset?module=QWEB_V 
M (POST) 
/qps/rest/2.0/activate/am/asset/<id>?module=Q 
WEB_PC (POST) 


/aps/rest/2.0/activate/am/asset?module=OWEB P 
C (POST 


Host Instance Vulnerability 


Get details on a vulnerability 


/qps/rest/2.0/get/am/hostinstancevuln/<id> (GET 
+ POST) 


Filter (optional): 
id (long) 


Search vulnerabilities 
/qps/rest/2.0/search/am/hostinstancevuln (POST) 


Filters (optional): 

id (long) 

name (string) 

parentTagld (long) 

ruleType (STATIC, GROOVY, OS_REGEX, 
NETWORK_RANGE, NAME_CONTAINS, 
INSTALLED_SOFTWARE, OPEN_PORTS, 
VULN_EXIST, ASSET_SEARCH) 

color (string formatted as #FFFFFF where F 
can be any value between color (0-9 and A-F) 


Count vulnerabilities 
/qps/rest/2.0/count/am/hostinstancevuln (POST) 


Asset Data Connector 


Get details on a connector 


/qps/rest/2.0/get/am/assetdataconnector/<id> 
(GET + POST) 


Filter (optional): 
id (Integer) 


Update connector 


/qps/rest/2.0/update/am/assetdataconnector/<id 
> (POST) 


/qps/rest/2.0/update/am/assetdataconnector 
(POST) 


Search connectors 


/qps/rest/2.0/search/am/assetdataconnector 
(POST) 


Filters: 

id (long) 

name (string) 

lastSync (date) 

lastError (date) 
connectorState (PENDING, RUNNING, 
SUCCESS or Error) 
activation (VM or PC) 
defaultTags.name (string) 
defaultTag (long) 
disabled (Boolean) 


Count connectors 
/qps/rest/2.0/count/am/assetdataconnector 
(POST) 

Delete connector 


/qps/rest/2.0/delete/am/assetdataconnector/id> 
(POST) 


/qps/rest/2.0/delete/am/assetdataconnector 
(POST) 


Run connector 


/qps/rest/2.0/run/am/assetdataconnector/<id> 
(POST) 


/qps/rest/2.0/run/am/assetdataconnector/<id> 
(POST) 


AWS Asset Data Connector 


Get details on an AWS connector 


/qps/rest/2.0/get/am/awsassetdataconnector/<id> 
(GET + POST) 


Filter (optional): 
id (Integer) 


Create AWS connector 


/qps/rest/2.0/create/am/awsassetdataconnector 
(POST) 


Optional: 
isGovCloudConfigured (Boolean) 


Update AWS connector 


/qps/rest/2.0/update/am/awsassetdataconnector/ 
<id> (POST) 


/qps/rest/2.0/update/am/awsassetdataconnector 
(POST) 


Optional: 
isGovCloudConfigured (Boolean) 


Search AWS connectors 


/qps/rest/2.0/search/am/awsassetdataconnector 
(POST) 


Filters: 

id (long) 

name (string) 

lastSync (date) 

lastError (date) 
connectorState (PENDING, RUNNING, 
SUCCESS or Error) 

activation (VM or PC) 
defaultTags.name (string) 
allRegions (Boolean) 
serviceType (AwsServiceType) 
endpoint.region (string) 
uthRecord (long) 
uthRecord.name (string) 
isabled (Boolean) 


AD o 
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Count AWS connectors 
/qps/rest/2.0/count/am/awsassetdataconnector 
(POST) 
Delete AWS connector 


/qps/rest/2.0/delete/am/awsassetdataconnector/i 
d> (POST) 


/qps/rest/2.0/delete/am/awsassetdataconnector 
(POST) 
Run AWS connector 


/qps/rest/2.0/run/am/awsassetdataconnector/<id 
> (POST) 


/qps/rest/2.0/run/am/awsassetdataconnector/<id 
> (POST) 


AWS Authentication Record 


Get details on AWS record 
/qps/rest/2.0/get/am/awsauthrecord/<id> 
(GET + POST) 

Filter (optional): 

id (Integer) 
Create AWS record 
/qps/rest/2.0/create/am/awsauthrecord (POST) 


Update AWS record 


/qps/rest/2.0/update/am/awsauthrecord/<id> 
(POST) 


/qps/rest/2.0/update/am/awsauthrecord (POST) 


Search AWS records 


/qps/rest/2.0/search/am/awsauthrecord (POST) 


Filters: 

id (long) 

name (string) 
description (string) 
created (date) 
modified (date) 
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Count AWS records 
/qps/rest/2.0/count/am/awsauthrecord (POST) 


Delete AWS record 


/qps/rest/2.0/delete/am/awsauthrecord/id> 
(POST) 


/qps/rest/2.0/delete/am/awsauthrecord (POST) 
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Continuous Monitoring 
API 


Use these API calls to manage alerts, profiles, rule 
sets, and rules to monitor your assets. 


Alerts | Profiles | Rulesets | Rules 
Looking for more information? 


Qualys Continuous Monitoring API User Guide 


Alerts 


Search alerts 


/qps/rest/1.0/search/cm/alert (POST) 


Filters (optional): 

id (Integer) 

eventType (HOST_FOUND, HOST_UPDATED, 
HOST_PURGED, PORT_OPEN, 
PORT_CHANGED, PORT_CLOSED, 
SOFTWARE_ADDED, SOFTWARE_REMOVED, 
SSL_NEW, SSL_EXPIRED, SSL_EXPIRY, 
ICKET_OPEN, TICKET_RESOLVED, 
ICKET_CLOSED, VULN_OPEN, 
VULN_CLOSED, VULN_REOPENED, 
VULN_ACTIVE, VULN_PREDICTION_ADDED, 
VULN_PREDICTION_CHANGED, 
VULN_PREDICTION_CLOSED) 

ipAddress (Text) 

hostname (Text) 

isHidden (Boolean) 

eventDate (Date) 

alertDate (Date) 

profileTitle (Text) 


View details on an alert 
/qps/rest/1.0/get/cm/alert/<id> (GET, POST) 


Required: 


id (Integer)  /alert ID 


Download alerts 
/qps/rest/1.0/download/cm/alert (POST) 


Required: 
format (csv|cef) 


Filters (optional): 
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id (Integer) 

eventType (Keyword - see Search above) 
ipAddress (Text) 

hostname (Text) 

isHidden (Boolean) 

eventDate (Date) 

alertDate (Date) 

profileTitle (Text) 


Profiles 


Search profiles 
/qps/rest/1.0/search/cm/profile (POST) 


Filters (optional): 

id (Integer) 

title (Text) 

uuid (Integer) 

frequency (FREQ_NEVER, FREQ_5_MINUTES, 
FREO 20 MINUTES,FREO 1 HR,FREO 2 HRS, 
FREQ 6 HRS, FREQ 12 HRS,FREO. WEEKLY, 
FREO DAILY) 

isActive (Boolean) 

ruleSetTitle (Text) 


View details on an profile 
/qps/rest/1.0/get/cm/profile/<id> (GET, POST) 
Required: 
id (Integer) /profile ID 


Rulesets 


Search rulesets 
/qps/rest/1.0/search/cm/ruleset (POST) 


Filters (optional): 
id (Integer) 

title (Text) 
description (Text) 
dateCreated (Date) 
dateUpdated (Date) 


View details on a ruleset 
/qps/rest/1.0/get/cm/ruleset/<id> (GET, POST) 


Required: 
id (Integer) /ruleset ID 
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Rules 


Search rules 
/qps/rest/1.0/search/cm/rule (POST) 


Filters (optional): 
id (Integer) 
ruleType (HOST, VULN, PORT, SSL, SW) 


View details on a rule 
/qps/rest/1.0/get/cm/rule/<id> (POST) 


Required: 
id (Integer) /rule ID 
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Web Application 
Scanning API 


Use these API calls to scan and report on web 
applications. 


Web Application | Authentication | Scan | Schedule | 
Option Profile | Report | Report Creation | Findings | 
Burp 


Looking for more information? 


Qualys Web Application Scanning API User Guide 


Web Application 


Current web application count 
/qps/rest/3.0/count/was/webapp (GET + POST) 


Filters (optional): 

id (Integer) 

name (Text) 

url (Text) 

tags.name (Text) 

tags.id (Integer) 

createdDate (Date) 
updatedDate (Date) 
isScheduled (Boolean) 
isScanned (Boolean) 
lastScan.status (SUBMITTED, RUNNING, 
FINISHED, CANCELED, ERROR) 
lastScan.date (Date) 


Search web applications 
/qps/rest/3.0/search/was/webapp (POST) 


Filters (optional): 

id (Integer) 

name (Text) 

url (Text) 

tags.name (Text) 

tags.id (Integer) 

createdDate (Date) 
updatedDate (Date) 
isScheduled (Boolean) 
isScanned Boolean) 
lastScan.date (Date) 
lastScan.status (SUBMITTED, RUNNING, 
FINISHED, CANCELED, ERROR) 
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Get details for a web application 
/qps/rest/3.0/get/was/webapp/<id> (GET) 


Required: 
id (Integer) /web application ID 


Create a web application 
/qps/rest/3.0/create/was/webapp (POST) 


Required: 
name (Text) 
url (Text) 


Optional: 
Click here for WAS API User Guide 


Update a web application 
/qps/rest/3.0/update/was/webapp/<id> (POST) 


Required: 
id (Integer) 


Optional: 
Click here for WAS API User Guide 


Delete web applications 
/qps/rest/3.0/delete/was/webapp/<id> (POST) 
/qps/rest/3.0/delete/was/webapp/<filters> (POST) 


Required: 
id (Integer) /web application ID 


Filters (optional): 

name (Text) 

url (Text) 

tags.name (Text) 

tags.id (Integer) 

createdDate (Date) 
updatedDate (Date) 
isScheduled (Boolean) 
isScanned (Boolean) 
lastScan.status (SUBMITTED, RUNNING, 
FINISHED, CANCELED, ERROR) 
lastScan.date (Date) 


Purge web applications 
/qps/rest/3.0/purge/was/webapp/<id> (POST) 
/qps/rest/3.0/purge/was/webapp/<filters> (POST) 


Required: 
id (Integer) /web application ID 
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Filters (optional): 

name (Text) 

url (Text) 

tags.name (Text) 

tags.id (Integer) 

createdDate (Date) 
updatedDate (Date) 
isScheduled (Boolean) 
isScanned (Boolean) 
astScan.status (SUBMITTED, RUNNING, 
FINISHED, CANCELED, ERROR) 
astScan.date (Date) 


Authentication 


Current authentication record count 
/qps/rest/3.0/count/was/webappauthrecord 
(POST + GET) 


Filters (optional): 

id (Integer) 

name (Text) 

tags (Integer) 

tags.id (Integer) 

tags.name (Text) 

createdDate (Date) 

updatedDate (Date) 

astScan.date (Date) 
astScan.authStatus (NOT_USED, 
SUCCESSFUL, FAILED, PARTIAL) 
isUsed (Boolean) 

contents (FORM_STANDARD, 
FORM_CUSTOM, FORM_SELENIUM, 
SERVER_BASIC, SERVER_DIGEST) 


Search authentication records 


/qps/rest/3.0/search/was/webappauthrecord 
(POST) 


Filters (optional): 
id (Integer) 
name (Text) 
tags (Integer) 
tags.id (Integer) 
tags.name (Text) 
createdDate (Date) 
updatedDate (Date) 
astScan.date (Date) 
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lastScan.authStatus (NOT_USED, 
SUCCESSFUL, FAILED, PARTIAL) 
isUsed (Boolean) 

contents (FORM_STANDARD, 
FORM_CUSTOM, FORM_SELENIUM, 
SERVER_BASIC, SERVER_DIGEST) 


Get details for an authentication 
record 


/qps/rest/3.0/get/was/webappauthrecord/<id> 
(GET) 


Required: 
id (Integer) /Authentication record ID 


Create a new authentication record 


/qps/rest/3.0/create/was/webappauthrecord 
(POST) 


Required: 
name (Text) 


WebAuthRecord (Text) 
Optional: 

tags 
comments 


Update an authentication record 


/qps/rest/3.0/update/was/webappauthrecord/<id> 
(POST) 


Required: 
id (Integer) /Authentication record ID 


Delete authentication records 


/qps/rest/3.0/delete/was/webappauthrecord/<id> 
(POST) 
/qps/rest/3.0/delete/was/webappauthrecord 
(POST) 


Filters (optional): 
id (Integer 
name (Text) 
tags 
createdDate (Date) 
updatedDate (Date) 
astScan.date (Date) 
astScan.authStatus (Text) 
isUsed (Boolean) 

contents 


Scan 


Current scan count 
/qps/rest/3.0/count/was/wasscan (POST + GET) 


Filters (optional): 
id (Integer) 
name (Text) 
webApp.name (Text) 

webApp.id (Integer) 

webApp.tags (with operator="NONE”) 
webApp.tags.id (Integer) 

reference (Text) 

launchedDate (Date) 

type (DISCOVERY, VULNERABILITY) 

mode (MANUAL, SCHEDULED, API) 

status (SUBMITTED, RUNNING, FINISHED, 
ERROR, CANCELED) 

authStatus (NONE, NOT_USED, 
SUCCESSFUL, FAILED, PARTIAL) 


resultsStatus (NOT_USED, NO_HOST_ALIVE, 


NO_WEB_SERVICE, PROCESSING, 
SCAN_RESULTS_INVALID, 
TIME_LIMIT_REACHED, SERVICE_ERROR, 
SCAN_INTERNAL_ERROR, SUCCESSFUL, 
TO BE PROCESSED) 


Search scans 
/aps/rest/3.0/search/was/wasscan (POST) 


Filters (optional): 
id (Integer) 
name (Text) 
webApp.name (Text) 

webApp.id (Integer) 

webApp.tags (with operator="NONE”) 
webApp.tags.id (Integer) 

reference (Text) 

launchedDate (Date) 

type (DISCOVERY, VULNERABILITY) 

mode (MANUAL, SCHEDULED, API) 

status (SUBMITTED, RUNNING, FINISHED, 
ERROR, CANCELED) 

authStatus (NONE, NOT USED, 
SUCCESSFUL, FAILED, PARTIAL) 
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resultsStatus (NOT_USED, NO_HOST_ALIVE, 
NO_WEB_SERVICE, PROCESSING, 
SCAN_RESULTS_INVALID, 

TIME. LIMIT. REACHED, SERVICE. ERROR, 
SCAN INTERNAL. ERROR, SUCCESSFUL, 

TO BE PROCESSED) 


Get scan details 
/qps/rest/3.0/get/was/wasscan/<id> (GET) 


Reguired: 
id (Integer) /Scan ID 


Launch a new scan (single web 
application) 


/qps/rest/3.0/launch/was/wasscan (POST) 


Reguired: 
name (Text) 


target.webApp.id (Integer) 

type (DISCOVERY, VULNERABILITY) 
profile.id (Integer) * 

Optional: 

target.scannerAppliance.type (EXTERNAL, 
INTERNAL, scannerTags) 
target.scannerAppliance.friendlyName (Text) 
target.webAppAuthRecord.id (Integer) - or - 
target. webAppAuthRecord.isDefault 
(Boolean) 

options 

proxy.id (Integer) 

dnsOverride.id (Integer) 

cancelOption set to DEFAULT - Forces the use 
of the target web app’s cancelScans option if 
set, else fall back to the one passed in to the 
API while launching the scan 

cancelOption set to SPECIFIC - Always use the 
cancel scan option passed while launching 
the scan 

sendMail (Boolean) 

Click here for WAS API User Guide 


Notes: * The element profile (Text) is required 
unless the target has a default option profile. 


Qualys API Quick Reference Guide 
Web Application Scanning API 


Launch a new scan (multiple web 
application) 


/qps/rest/3.0/launch/was/wasscan (POST) 


Required: 
name (Text) 


target.webApps.id (Integer) or target.tags.id 
Integer) 

target.tags.included.option (ALL or ANY), 
target.tags.included.tagList.Tag.id (Integer), 
type (DISCOVERY or VULNERABILITY) 
profile.id (Integer) * 

Optional: 

target.authRecordOption 
target.profileOption 

target.scannerOption 
target.randomizeScan 

Click here for WAS API User Guide 


Notes: * The element profile (Text) is required 
unless the target has a default option profile. 


¡ The element target must have at least tags or 
web applications specified. 

Retrieve the status of a scan 
/qps/rest/3.0/status/was/wasscan/<id> (GET) 


Required: 
id (Integer) /Scan ID 


Retrieve the results of a scan 


= 


/qps/rest/3.0/download/was/wasscan/<id> (GET 


— 


= 


/qps/rest/2.0/download/was/wasscan/<id> (GE 


Required: 
id (Integer) /Scan ID 


~> 


Cancel an unfinished scan 
/qps/rest/3.0/cancel/was/wasscan/<id> (POST) 


Reguired: 
id (Integer) /Scan ID 
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Delete an existing scan 


/qps/rest/3.0/delete/was/wasscan/<id> (POST) 
/qps/rest/3.0/delete/was/wasscan (POST) 


Filters (optional): 

id (Integer) 

name (Text) 

webApp.name (Text) 

webApp.id (Integer) 

reference (Text) 

launchedDate (Date) 

type (DISCOVERY, VULNERABILITY) 

mode (MANUAL, SCHEDULED, API) 

status (SUBMITTED, RUNNING, FINISHED, 
ERROR, CANCELED) 

authStatus (NONE, NOT_USED, 
SUCCESSFUL, FAILED, PARTIAL) 
resultsStatus (NOT_USED, NO_HOST_ALIVE, 
NO_WEB_SERVICE, PROCESSING, 
SCAN_RESULTS_INVALID, 
TIME_LIMIT_REACHED, SERVICE_ERROR, 
SCAN_INTERNAL_ERROR, SUCCESSFUL, 
TO BE PROCESSED) 


Schedule 


Current schedule count 


/qps/rest/3.0/count/was/wasscanschedule 
(POST + GET) 


Filters (optional): 

id (Integer) 

name (Text) 

owner.id (Text) 

createdDate (Date) 

updatedDate (Date) 

type (DISCOVERY, VULNERABILITY) 
webApp.name (Text) 

webApp.id (Integer) 

webApp.tags (with operator="NONE”) 
webApp.tags.id (Integer) 

active (Boolean) 

invalid (Boolean) 


Search schedules 


/qps/rest/3.0/search/was/wasscanschedule (POST) 


Filters (optional): 

id (Integer) 

name (Text) 

owner.id 

createdDate (Date) 

active (Boolean) 

type (DISCOVERY, VULNERABILITY) 
webApp.name (Text) 

webApp.id (Integer) 

webApp.tags (with operator="NONE") 
webApp.tags.id (Integer) 
updatedDate (Date) 


invalid (Boolean) 
lastScan (with operation="NONE”) 
lastScan.launchedDate (Date) 
lastScan.status (SUBMITTED, RUNNING, 
FINISHED, ERROR, CANCELED) 

multi (Boolean) 


Get schedule details 


/qps/rest/3.0/get/was/wasscanschedule/<id> 
(GET) 


Required: 
id (Integer) /Scan ID 


Create a schedule (single web 
application) 


/qps/rest/3.0/create/was/wasscanschedule (POST) 


Required: 
name (Text 


target.webApp.id (Integer) 

type (DISCOVERY, VULNERABILITY) 
profile.id (Integer)* 

startDate (Date) 

timeZone (Text) 

occurrenceType (ONCE, DAILY, WEEKLY, 
MONTHLY) 
notification (Boolean) 

reschedule (Boolean) 

Optional: 

target.scannerAppliance.type (EXTERNAL, 
INTERNAL, scannerTags) 
target.scannerAppliance.friendlyName (Text) 
target.webAppAuthRecord.id (Integer) - or - 
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target.webAppAuthRecord.isDefault 
(Boolean) 

options 

proxy.id (Integer) 

dnsOverride.id (Integer) 

cancelOption set to DEFAULT - Forces the use 
of the target web app’s cancelScans option if 
set, else fall back to the one passed in to the 
API while launching the scan 

cancelOption set to SPECIFIC - Always use the 
cancel scan option passed while launching 
the scan 

sendMail (Boolean) 

Click here for WAS API User Guide 


Notes: * Th 
unless the 


e element profile (Text) is required 
target has a default option profile. 


Create a schedule (multiple web 


applicat 


ion) 


/qps/rest/3.0/create/was/wasscanschedule (POST) 


Required: 
name (Text) 


target.webApps.id (Integer) or target.tags.id 
(Integer) 

target.tags.included.option (ALL or ANY) 
target.tags.included.tagList.Tag.id (Integer) 
type (DISCOVERY, VULNERABILITY) 
profile.id (Integer)* 

startDate (Date) 

timeZone (Text) 

occurrenceType (ONCE, DAILY, WEEKLY, 
MONTHLY) 
notification (Boolean) 

reschedule (Boolean) 

Optional: 

target.authRecordOption 

target.profileOption 

target.scannerOption 

target.randomizeScan 
target.authRecordOption 
target.scannerAppliance.type (EXTERNAL, 
INTERNAL, scannerTags) 
target.scannerAppliance.friendlyName (Text) 
cancelOption set to DEFAULT - Forces the use 
of the target web app’s cancelScans option if 
set, else fall back to the one passed in to the 
API while launching the scan 
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cancelOption set to SPECIFIC - Always use the 
cancel scan option passed while launching 
the scan 

sendMail (Boolean) 

Click here for WAS API User Guide 


Notes: * The element profile (Text) is required 
unless the target has a default option profile. 


Update a schedule 


/qps/rest/3.0/update/was/wasscanschedule/<id> 
(POST) 


Required: 
id (Integer) /Schedule ID 


Optional: 
Click here for WAS API User Guide 


Activate an existing schedule 


/qps/rest/3.0/update/was/wasscanschedule/<id> 
(POST) 


/qps/rest/3.0/activate/was/wasscanschedule/<filt 
ers> (POST) 


Required: 

id (Integer) /Schedule ID 
Filters (optional): 

name (Text) 

webApp.id (Integer) 
webApp.name (Text) 
owner.id (Integer) 

type (VULNERABILITY, DISCOVERY) 
active (Boolean) 

invalid (Boolean) 
createdDate (Date) 
updatedDate (Date) 


= 


Deactivate an existing schedule 


/qps/rest/3.0/update/was/wasscanschedule/<id> 
(POST) 


/qps/rest/3.0/deactivate/was/wasscanschedule/<f 
ilters> (POST) 


Required: 

id (Integer) /Schedule ID 
Filters (optional): 

name (Text) 

webApp.id (Integer) 


webApp.name (Text) 

owner.id (Integer) 

type (VULNERABILITY, DISCOVERY) 
active (Boolean) 

invalid (Boolean) 

createdDate (Date) 

updatedDate (Date) 


Delete one or more existing schedules 


/qps/rest/3.0/delete/was/wasscanschedule/<id> 
(POST) 


/qps/rest/3.0/delete/was/wasscanschedule/<filter 
s> (POST) 


Required: 
id (Integer) /Schedule ID 


Filters (optional): 

name (Text) 

webApp.id (Integer) 

webApp.name (Text) 

owner.id (Integer) 

type (VULNERABILITY, DISCOVERY) 
active (Boolean) 

invalid (Boolean) 

createdDate (Date) 

updatedDate (Date) 


Download one or more schedules to 
¡Calendar 


/qps/rest/3.0/download/was/wasscanschedule/<i 
d> (POST) 


/qps/rest/3.0/download/was/wasscanschedule/<fi 
Iters> (POST) 


Filters (optional): 

name (Text) 

owner.id (Integer) 

createdDate (Date) 

active (Boolean) 

type (VULNERABILITY, DISCOVERY) 
webApp.name (Text) 

webApp.id (Integer) 

updatedDate (Date) 

invalid (Boolean) 


Option Profile 


Current option profile count 


/qps/rest/3.0/count/was/optionprofile (POST + 
GET) 


Filters (optional): 

id (Integer) 

name (Text) 

tags 

tags.id (Integer) 

tags.name (Text) 

createdDate (Date) 

updatedDate (Date) 

usedByWebApps (Boolean with operator: 
EQUALS, NOT EQUALS) 

usedBySchedules (Boolean with operator: 
EQUALS, NOT EQUALS) 

owner.id (Long with operator: EQUALS, IN, 
NOT EQUALS, GREATER, LESSER) 
owner.name 
EQUALS, NOT EQUALS) 
owner.username (text with operator: 
CONTAINS, EQUALS, NOT EQUALS) 


Search option profiles 


/qps/rest/3.0/search/was/optionprofile (POST) 


Filters (optional): 

id (Integer) 

name (Text) 

tags 

tags.id (Integer) 

tags.name (Text) 

createdDate (Date) 

updatedDate (Date) 

usedByWebApps (Boolean with operator: 

EQUALS, NOT EQUALS) 

usedBySchedules (Boolean with operator: 

EQUALS, NOT EQUALS) 

owner.id (Long with operator: EQUALS, IN, 

NOT EQUALS, GREATER, LESSER) 
owner.name 
EQUALS, NOT EQUALS) 

owner.username (text with operator: CONTAINS, 

EQUALS, NOT EQUALS) 


text with operator: CONTAINS, 


text with operator: CONTAINS, 
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Get details for an option profile 
/qps/rest/3.0/get/was/optionprofile/<id> (GET) 
Required: 
id (Integer) /Option profile ID 
Create a new option profile 
/qps/rest/3.0/create/was/optionprofile (POST) 
Required: 
name (Text) /Option profile name 
Update an option profile 


/qps/rest/3.0/update/was/optionprofile/<id> 
(POST) 


Required: 
id (Integer) /Option profile ID 


Delete an option profile 


/qps/rest/3.0/delete/was/optionprofile/<id> 
(POST) 


/qps/rest/3.0/delete/was/optionprofile (POST) 


Optional: 

name (Text) 

owner (Text) 

tags 

createdDate (Date) 
updatedDate (Date) 
usedByWebApps (Boolean) 
usedBySchedules (Boolean) 


Report 


Current report count 


/qps/rest/3.0/count/was/report (GET, POST) 


Filters (optional): 
id (Integer) 

name (Text) 
tags.id (Integer) 
tags.name (Text) 
creationDate (Date) 
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type (WAS_SCAN_REPORT, 
WAS_WEBAPP_REPORT, 
WAS_SCORECARD_REPORT, 
WAS_CATALOG_REPORT, 
DATALIST_REPORT) 

format (HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, CSV, XML, POWERPOINT, 
WORD) 

status (RUNNING, ERROR, COMPLETE) 


Search reports 


/qps/rest/3.0/search/was/report (POST) 


Filters (optional): 
id (Integer) 

name (Text) 

tags.id (Integer) 
tags.name (Text) 
creationDate (Date) 
type (Keyword) 
format (Keyword) 
status (Keyword 


Get details on a report 
/qps/rest/3.0/get/was/report/<id> (GET, POST) 


Required: 


id (Integer) /report ID 


Get report status 
/qps/rest/3.0/status/was/report/<id> (GET, POST) 


Required: 


id (Integer) /report ID 


Download a report 


/qps/rest/3.0/download/was/report/<id> (GET, 
POST) 


Required: 


id (Integer) /report ID 


Send an encrypted PDF report 
/qps/rest/3.0/send/was/report/<id> (POST) 


Required: 
id (Integer) /report ID 
distributionList (Text) 
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Update a report 
/qps/rest/3.0/update/was/report/<id> (POST) 


Required: 
id (Integer 
tags (Text) 
showPatched (applies to Web App Report, 
Scan Report only - SHOW_BOTH (is default), 
SHOW_ONLY, SHOW_NONE) 


/report ID 


Delete one or more reports 


/aps/rest/3.0/delete/was/report/<id> (POST) 
/qps/rest/3.0/delete/was/report/<filters> (POST) 


Required: 
id (Integer) /web application ID 


Filters (optional): 
name (Text) 

tags.id (Integer) 
tags.name (Text) 
creationDate (Date) 
type (Keyword) 
format (Keyword) 
status (Keyword) 


Report Creation 


Report Creation Request 
/qps/rest/3.0/create/was/report (POST) 


name (Text) 

type (WAS_SCAN_REPORT, 
WAS_WEBAPP_REPORT, 
WAS_SCORECARD_REPORT, 
WAS_CATALOG_REPORT) 

format (HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, CSV, XML, POWERPOINT) 
tags.id (Integer) 

tags. name (Text) 

password (Text) 

distribution List (*) 

config (one and only one subelement is 
required: webAppReport, scanReport, 
catalogReport, scorecardReport) 


Notes: (*) indicates data type. 


Web Application Report 


target.tags (Tag) 
target.tags.included.option (ALL or ANY), 
target.tags.included.tagList.Tag.id (Integer), 
target.webapps (WebApp)* 
filters.searchlists (SearchList)* 

filters.url (Text) 

filters.status (WebAppFindingStatus)* 
filters.remediation* 
showPatched (SHOW_ONLY, SHOW_NONE, 
SHOW_BOTH - default) 
target.scannerTags.set.Tag.id (Integer) 
target.tags.excluded.option (ALL or ANY) 
target.tags.excluded.tagList.Tag.id (Integer) 
display.contents (WebAppReportContent)* 
display.graphs (WebAppReportGraph)* 
display.groups (WebAppReportGroup)* 
display.options (rawLevels)* 


m 


Notes: (*) indicates data type. 


¡ The element target must have at least tags or 
web applications specified. 


Scan Report 


target.scans (WasScan)* 

filters.searchlists (SearchList)* 

filters.url (Text) 

filters.status (ScanFindingStatus)* 
filters.remediation (*) 

showPatched (SHOW_ONLY, SHOW_NONE, 
HOW_BOTH - default) 

splay.contents (ScanAppReportContent)* 
splay.graphs (ScanAppReportGraph)* 
splay.groups (ScanAppReportGroup)* 
splay.options (rawLevels)* 


pe pen 


Notes: (*) indicates data type. 


Scorecard Report 


target.tags (Tag)* 
target.tags.included.option (ALL or ANY), 
target.tags.included.tagList.Tag.id (Integer), 
filters.searchlists (SearchList)* 
filters.scanDate (DatetimeRange)* 
filters.scanStatus 
(WasScanConsolidatedStatus)* 


filters.scanAuthStatus (WasScanAuthStatus)* 
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target.scannerTags.set.Tag.id (Integer) 
target.tags.excluded.option (ALL or ANY) 
target.tags.excluded.tagList.Tag.id (Integer) 
display.contents (ScorecardReportContent)* 
display.graphs (ScorecardReportGraph)* 
display.groups (ScorecardReportGroup)* 
display.options (rawLevels)* 


Notes: (*) indicates data type. 


1 The element target must have at least tags or 
web applications specified 


Catalog Report 


filters.scanDate (DatetimeRange)* 
filters.url (Text) 

filters.ip (Text) 

filters.os (Text) 

filters.status (EntryStatus)* 
isplay.contents (WebAppReportContent)* 
splay.graphs (WebAppReportGraph)* 
splay.groups (WebAppReportGroup)* 
splay.options (rawLevels)* 


pp pp: 


Notes: (*) indicates data type. 


Report Template Count 


qps/rest/3.0/count/was/reporttemplate (POST) 
id (Integer) 
name (Text) 
type (Text) 
Search Report Template 
qps/rest/3.0/search/was/reporttemplate (POST) 


id (Integer) 
name (Text) 
type (Text) 


Get details of Report Template 


qps/rest/3.0/get/was/reporttemplate/<id> (GET) 


Required: 


id (Integer) /report template ID 
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Findings 


Current finding count 


/qps/rest/3.0/count/was/finding (POST) 


Filters (optional): 
id (Integer) 

qid (Integer) 
name (Text) 


type (VULNERABILITY, SENSITIVE_CONTENT, 


or INFORMATION_GATHERED) 

url (Text) 

webApp.tags.id (Integer) 
webApp.tags.name (Text) 

status (NEW, ACTIVE or REOPENED) 
patch (Integer-Long) 

webApp.id (Integer) 

webApp.name (Text) 

severity (Integer) 

externalRef (String) 

ignoredDate (Date) 

ignoredReason (FALSE_POSITIVE, 
RISK_ACCEPTED or NOT_APPLICABLE) 
group (XSS, SQL, INFO, PATH, CC, SSN_US or 
CUSTOM) 

owasp.name (Text) 

owasp.code (Integer) 

wasc.name (Text) 

wasc.code (Integer) 

cwe.id (Integer) 

firstDetectedDate (Date) 
lastDetectedDate (Date) 
lastTestedDate (Date) 
timesDetected (Integer) 


Search findings 
/qps/rest/3.0/search/was/finding (POST) 
Filters (optional): 
id (Integer) 
qid (Integer) 
name (Text) 


type (VULNERABILITY, SENSITIVE_CONTENT, 


or INFORMATION_GATHERED) 

url (Text) 

webApp.tags.id (Integer) 
webApp.tags.name (Text) 

status (NEW, ACTIVE or REOPENED) 
patch (Integer-Long) 
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webApp.id (Integer) 

webApp.name (Text) 

severity (Integer) 

externalRef (String) 

ignoredDate (Date) 

ignoredReason (FALSE_POSITIVE, 
RISK_ACCEPTED or NOT_APPLICABLE) 
group (Keyword: XSS, SQL, INFO, PATH, CC, 
SSN_US or CUSTOM) 

owasp.name (Text) 

owasp.code (Integer) 

wasc.name (Text) 

wasc.code (Integer) 

cwe.id (Integer) 

firstDetectedDate (Date) 
lastDetectedDate (Date) 
lastTestedDate (Date) 

timesDetected (Integer) 


Get details on a finding 
/qps/rest/3.0/get/was/finding/<id> (GET, POST) 


Required: 
id (Integer) /finding ID 


Ignore findings 
/qps/rest/3.0/ignore/was/finding (POST) 


Filters: 

id (Integer) 

qid (Integer) 

name (Text) 

type (VULNERABILITY, SENSITIVE_CONTENT, 
or INFORMATION_GATHERED) 

url (Text) 

webApp.tags.id (Integer) 
webApp.tags.name (Text) 

status (NEW, ACTIVE or REOPENED) 
webApp.id (Integer) 

webApp.name (Text) 

severity (Integer) 

ignoredDate (Date) 

ignoredReason (FALSE_POSITIVE, 
RISK_ACCEPTED or NOT_APPLICABLE) 
group (Keyword: XSS, SQL, INFO, PATH, CC, 
SSN_US or CUSTOM) 

owasp.name (Text) 

owasp.code (Integer) 

wasc.name (Text) 


wasc.code (Integer) 
cwe.id (Integer) 
firstDetectedDate (Date) 
lastDetectedDate (Date) 
lastTestedDate (Date) 
timesDetected (Integer) 


Activate findings 
/qps/rest/3.0/activate/was/finding/<id> (POST) 
/qps/rest/3.0/activate/was/finding/<findings> 
(POST) 

Filters: 

id (Integer) 

qid (Integer) 

name (Text) 


type (VULNERABILITY, SENSITIVE_CONTENT, 


or INFORMATION_GATHERED) 
url (Text) 
webApp.tags.id (Integer) 

webApp.tags.name (Text) 

status (NEW, ACTIVE or REOPENED) 
webApp.id (Integer) 

webApp.name (Text) 

severity (Integer) 

ignoredDate (Date) 

ignoredReason (FALSE_POSITIVE, 
RISK_ACCEPTED or NOT_APPLICABLE) 

group (XSS, SQL, INFO, PATH, CC, SSN_US or 
CUSTOM) 

owasp.name (Text) 

owasp.code (Integer) 

wasc.name (Text) 

wasc.code (Integer) 

cwe.id (Integer) 

firstDetectedDate (Date) 

lastDetectedDate (Date) 

lastTestedDate (Date) 

timesDetected (Integer) 


Edit findings severity 


/qps/rest/3.0/editSeverity/was/finding/<id> 
(POST) 
/qps/rest/3.0/editSeverity/was/finding/<findings> 
(POST) 

Filters: 

id (Integer) 
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new Severity level (1, 2, 3, 4, 5} (Integer) 
comments (Text) 


Restore findings severity 


/qps/rest/3.0/restoreSeverity/was/finding<id> 
(POST) 


Required: 

id (Integer) 
Retest findings 
/qps/rest/3.0/retest/was/finding/<id> 
/qps/rest/3.0/retest/was/finding/<findings> 
(POST) 


Required: 
id (Integer) 


Burp 


Import Burp Scan Reports 
/qps/rest/3.0/import/was/burp (POST) 


Required: 

webAppld (Integer) 

Burp Scanner Report in XML format 
Optional: 

purgeResults (Boolean) 
closeUnreportedIssues (Boolean) 
fileName (String) 
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Web Application Firewall 
API 


Use these API calls to manage web applications, 
clusters, and appliances. 


Web Applications | Web Servers | Healthchecks| SSL 
Certificates | Custom Response Pages | Security 
Policies | HTTP Profiles | Custom Rules] Clusters | 
Appliances 


Looking for more information? 


Qualys Web Application Firewall API User Guide 


Web Applications 


Current web application count 
/qps/rest/2.0/count/waf/webapp/ (GET) 


Get details on a web application 
/qps/rest/2.0/get/waf/webapp/<id> (GET) 


Required: 
id (Integer) /web application ID 


Search web applications 


/qps/rest/2.0/search/waf/webapp/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

url (Text) 

tags.tag.id (Long) 
tags.tag.name (Text) 
owner.id (Text 
owner.usemame (Text) 
owner.lastname (Text) 
created (Date) 
updated (Date 
urls.value (Text 
healthcheck.id (Long) 
healthcheck.uuid (UUID) 
healthcheck.name (Text) 
failureResponseCode (Long) 
webServer.id (Long) 
weberver.uuid (UUID) 


_ 
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webServername (Text) 
webServerTimeout (Long) 
certificate.id (Long) 
certificate.uuid (UUID) 
certificate.name (Text) 
status 

deployed (Date) 

synced (Date) 
blockingMode (Boolean) 
createdBy.id (Long) 
createdBy.username (Text) 
createdBy.firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy.firstname (Text) 
updatedBy.lastname (Text) 
custompage.id (Long) 
customPage.uuid (UUID) 
customPage.name (Text) 
securityPolicy.id (Long) 
securityPolicy.uuid (UUID) 
securityPolicy.name (Text) 
httpProfile.id (Long) 
httpProfile.uuid (UUID) 
httpProfile. name (Text) 
sslEnabled (Boolean) 
clusters.cluster.id (Long) 
clusters.cluster.name (Text) 
clusters.cluster.uuid (UUID) 
persistencyEnabled (Boolean) 
scanTrustEnabled (Boolean) 


Create web application 
/qps/rest/2.0/create/waf/webapp (POST) 


Required: 

name (Text) 

url (Text) 

webServer.id (Long) 
securityPolicy.id (Long) 
httpProfile.id (Long) 
updateSchedule.enabled (Boolean) 
Optional: 

Click here for WAF API User Guide 


Update web application 
/qps/rest/2.0/update/waf/webapp/<id> (POST) 
/qps/rest/2.0/update/waf/webapp (POST) 


Optional: 
name (Text) 


url (Text) 

webServer.id (Long) 
webServerTimeout (Long) 
securityProfile.id (Long) 

httpProfile.id (Long) 
persistencyEnabled (Boolean) 
persistencyToken 

healthcheck.id (Long) 
failureResponseCode (Long) 
certificate.id (Long) 

sslProtocols (Text) 

sslCiphers (Text) 

blockingMode (Boolean) 
customPage.id (Long) 
scanTrustEnabled (Boolean) 
customRules.CustomRule.id (Long) 
clusters.cluster.id (Long) 
astComment (Text) 
updateSchedule.enabled (Boolean) 
updateSchedule.weekDays (Text) 
updateSchedule.startTime (Integer) 
updateSchedule.timezone.code (Text) 
updateSchedule.timezone.offset (Text) 
updateSchedule.freezeEndDate (Date) 
urls 

urls.string (text 

tags 

Click here for WAF API User Guide 


Delete web application 
/qps/rest/2.0/delete/waf/webapp/<id> (POST) 


Required: 
id (Long) /web application ID 


Delete web applications (bulk) 
/qps/rest/2.0/delete/waf/webapp (POST) 


Filters (optional): 
see Search web applications 
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Web Servers 


Current web server count 
/qps/rest/2.0/count/waf/webserver/ (GET) 


Get details on a web server 
/qps/rest/2.0/get/waf/webserver/<id> (GET) 


Required: 
id (Integer) /web server ID 


Search web servers 
/qps/rest/2.0/search/waf/webserver/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 
loadBalancingAlgorithm (Text) 
addresses.url (Text) 
addresses.weight (Integer) 
owner.id (Long) 
owner.username (Text) 
owner. firstname (Text) 
owner.lastname (Text) 
created (Date) 

updated (date) 

createdBy.id (Long) 
createdBy.username (Text) 
createdBy.firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy. firstname (Text) 
updatedBy. lastname (Text) 
tags.tag.id (Long 
tags.tag. name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 
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Create web server 
/qps/rest/2.0/create/waf/webserver (POST) 


Required: 

name (Text) 
loadBalancingAlgorithm (Text) 
addresses. WebServerAddresses 
Optional: 

description (Text) 

tags 

tags.tag.id (Long) 
tags.tag.name (Text) 


Update web server 
/qps/rest/2.0/update/waf/webserver/<id> (POST) 
/qps/rest/2.0/update/waf/webserver (POST) 


Optional: 

name (Text) 

description (Text) 
loadBalancingAlgorithm (Text) 
addresses.WebServerAddress 
tags 


Delete web server 


/qps/rest/2.0/delete/waf/webserver/<id> (POST) 


Required: 
id (Long) /web server ID 


Delete web server (bulk) 
/qps/rest/2.0/delete/waf/webserver (POST) 
Filters (optional): 


see Search web servers 
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Healthchecks 


Current healthcheck count 
/qps/rest/2.0/count/waf/healthcheck/ (GET) 


Get details on a healthcheck 
/qps/rest/2.0/get/waf/healthcheck/<id> (GET) 


Required: 
id (Integer) /healthcheck ID 


Search healthchecks 
/qps/rest/2.0/search/waf/healthcheck/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 

method 

path (Text) 
expectedResponseCode (Long) 
intervalUp (Long) 
intervalDown (Long) 
intervalFlapping (Long) 
nbSuccessesUp (Long) 
nbFailuresDown (Long) 
timeout (Long) 

owner.id (Long) 
owner.usemame (Text) 
owner.firstname (Text) 
created (Date) 

updated (Date) 

createdBy.id (Long) 
createdBy.username (Text) 
createdBy.firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy.firstname (Text) 
updatedBy.lastname (Text) 
tags.tag.id (Long 
tags.tag. name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 


Create healthcheck 
/qps/rest/2.0/create/waf/healthcheck (POST) 


Required: 

name (Text) 

method 

path (Text) 
loadBalancingResponseCode (Long) 
intervalUp (Long) 
intervalDown (Long) 
intervalFlapping (Long) 
nbSuccessesUp (Long) 
nbFailuresDown (Long) 
timeout (Long) 
Optional: 

description (Text) 

tags 

tags.tag.id (Long) 
tags.tag. name (Text) 


Update healthcheck 


/qps/rest/2.0/update/waf/healthcheck/<id> 
(POST 
/qps/rest/2.0/update/waf/healthcheck (POST) 


Optional: 
name (Text) 

description (Text) 

method 

path (Text) 
expectedResponseCode (Long) 
intervalUp (Long) 
ntervalDown (Long) 
nbSuccessesUp (Long) 
nbFailuresDown (Long) 
timeout (Long) 

tags 


He 


Delete healthcheck 


/qps/rest/2.0/delete/waf/healthcheck/<id> (POST) 


Required: 
id (Long) /healthcheck ID 


Delete healthcheck (bulk) 
/qps/rest/2.0/delete/waf/healthcheck (POST) 
Filters (optional): 


see Search healthchecks 
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SSL Certificates 


Current SSL certificates count 
/qps/rest/2.0/count/waf/certificate/ (GET) 


Get details on SSL certificate 
/qps/rest/2.0/get/waf/certificate/<id> (GET) 


Required: 
id (Integer) /SSL certificate ID 


Search SSL certificates 
/qps/rest/2.0/search/waf/certificate/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 

owner.id (Long) 
owner.username (Text) 
owner. firstname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy. username (Text) 
createdBy. firstname (Text) 
createdBy lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy. firstname (Text) 
updatedBy. lastname (Text) 
tags.tag.id (Long 
tags.tag. name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 


Create SSL certificate 
/qps/rest/2.0/create/waf/certificate (POST) 


Required: 

name (Text) 
passphrase (Text) 
token (Text) 
Optional: 
description (Text) 
pkcs12 (Text 
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certificate (Text) 
privateKey (Text) 
chain (Text) 

tags 

tags.tag.id (Long) 
tags.tag.name (Text) 


Update SSL certificate 
/qps/rest/2.0/update/waf/certificate/<id> (POST) 
/qps/rest/2.0/update/waf/certificate (POST) 


Optional: 
name (Text) 


description (Text) 
pkcs12 (Text) 
certificate (TextO 
privateKey (Text) 
passphrase (Text) 
token (Text) 
chain (Text) 
tags 


Delete SSL certificate 
/qps/rest/2.0/delete/waf/certificate/<id> (POST) 


Required: 
id (Long) /SSL certificate ID 


Delete SSL certificate (bulk) 
/qps/rest/2.0/delete/waf/certificate (POST) 


Filters (optional): 
see Search SSL certificates 


Custom Response Pages 


Current custom response page count 
/qps/rest/2.0/count/waf/custompage/ (GET) 


Get details on custom response page 
/qps/rest/2.0/get/waf/custompage/<id> (GET) 


Required: 
id (Integer) /custom response page ID 


Search custom response pages 
/qps/rest/2.0/search/waf/custompage/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 

body (Text) 

owner.id (Long) 
owner.usemame (Text) 
owner.firstname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy.username (Text) 
createdBy.firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy.firstname (Text) 
updatedBy.lastname (Text) 
tags.tag.id (Long 
tags.tag.name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 


Create custom response page 
/qps/rest/2.0/create/waf/custompage (POST) 


Required: 
name (Text) 


body (Text) 
Optional: 
description (Text) 
tags 

tags.tag.id (Long) 
tags.tag.name (Text) 


Update custom response page 


/qps/rest/2.0/update/waf/custompage/<id> 
(POST) 


/qps/rest/2.0/update/waf/custompage (POST) 


Optional: 
name (Text) 


description (Text) 
body (Text) 
tags 


Delete custom response page 
/qps/rest/2.0/delete/waf/custompage/<id> (POST) 
Required: 
id (Long) /custom response page ID 
Delete custom response page (bulk) 
/qps/rest/2.0/delete/waf/custompage (POST) 


Filters (optional): 
see Search custom response pages 


Security Policies 


Current security policy count 
/qps/rest/2.0/count/waf/securitypolicy/ (GET) 


Get details on security policy 
/qps/rest/2.0/get/waf/securitypolicy/<id> (GET) 


Required: 
id (Integer) /security policy ID 


Search security policies 
/qps/rest/2.0/search/waf/securitypolicy/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 

system (Integer) 

owner.id (Long) 
owner.username (Text) 
owner. firstname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy.username (Text) 
createdBy. firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy.firstname (Text) 
updatedBy.lastname (Text) 
tags.tag.id (Long) 
tags.tag.name (Text) 
webApps.webApp.id (Long) 
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webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 


Create security policy 
/qps/rest/2.0/create/waf/securitypolicy (POST) 


Required: 
name (Text) 


Optional: 

description (Text) 

applicationSecurity (Keyword) 
threatLevel loggingThreshold (Integer) 
threatLevel blockingThreshold (Integer) 
tags 

tags.tag.id (Long) 

tags.tag.name (Text) 


Update security policy 


/qps/rest/2.0/update/waf/securitypolicy/<id> 
(POST) 


/qps/rest/2.0/update/waf/securitypolicy (POST) 


Optional: 

id (Integer) 

name (Text) 

description (Text) 

applicationSecurity (Keyword) 
threatLevel loggingThreshold (Integer) 
threatLevel blockingThreshold (Integer) 
tags 


Delete security policy 


/qps/rest/2.0/delete/waf/securitypolicy/<id> 
(POST) 


Required: 

id (Long) /security policy ID 
Delete security policy (bulk) 
/qps/rest/2.0/delete/waf/securitypolicy (POST) 


Filters (optional): 
see Search security policies 
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HTTP Profiles 


Current HTTP profile count 
/qps/rest/2.0/count/waf/httpprofile/ (GET) 


Get details on HTTP profile 
/qps/rest/2.0/get/waf/httpprofile/<id> (GET) 


Required: 
id (Integer) /HTTP profile ID 


Search HTTP profiles 


/qps/rest/2.0/search/waf/httpprofile/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 

system (Integer) 

owner.id (Long) 
owner.username (Text) 
owner. firstname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy username (Text) 
createdBy firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy. firstname (Text) 
updatedBy. lastname (Text) 
tags.tag.id (Long 
tags.tag.name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 


Create HTTP profile 
/qps/rest/2.0/create/waf/httpprofile (POST) 


Required: 

name (Text) 
requestMethod.allowAll -or- 
requestMethod.denyAll 
requestHeader 
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requestContentType.allowAll -or- 
requestContentType.denyAll 
detectProtocolAnomalies (Boolean) 
serverCloacking 
serverCloaking.value (Text) 
suppressSensitiveHeaders (Boolean) 
onErrorMessages (Keyword) 
onSensitiveFileTypes (Keyword) 
cookieProtection 
discourageContentTypeSniffing (Boolean) 
forceDefaultContentType (Keyword) 
forceDefaultContentType.value (Text) 
forceDefaultCharacterEncoding 
forceDefaultCharacterEncoding.value (Text) 
contentSecurityPolicyHeader 
contentSecurityPolicyHeader.value (Text) 
discourageClickjacking 
browserXSSPProtection 
webServiceProtection.xmlParsing.enabled 
(Boolean) 
webServiceProtection.jsonParsing.enabled 
(Boolean) 


mm. 


Optional: 
description (Text) 


reguestMethod.allowAll.detectInvalid 
(Boolean) 
reguestMethod.allowA..DetectTraceTrack 
(Boolean) 
requestHeader.detectInvalid (Boolean) 
requestHeader.detectRepeated (Boolean) 
requestHeader.detectChunked (Boolean) 
requestContentType.allowAll.detectFileUploa 
ds (Boolean) 

serverCloaking.enabled (Boolean) 
cookieProtection.type 
cookieProtection.value (Text) 
forceDefaultContentType.enabled (Boolean) 
forceDefaultCharacterEncoding.type 
Keyword) 
contentSecurityPolicyHeader.enabled 
Boolean) 
webServiceProtection.xmlParsing.size 
Integer 
webServiceProtection.xmlParsing.items 
Integer 
webServiceProtection.xmlParsing.level 
Integer 


webServiceProtection.jsonParsing.size 
Integer) 
webServiceProtection.jsonParsing.items 
Integer) 
webServiceProtection.jsonParsing. level 
Integer) 
tags 

tags.tag.id (Long) 

tags.tag.name (Text) 


Update HTTP profile 
/qps/rest/2.0/update/waf/httpprofile/<id> (POST) 
/qps/rest/2.0/update/waf/httpprofile (POST) 


Optional: 
see Create HTTP profile 


Delete HTTP profile 
/qps/rest/2.0/delete/waf/httpprofile/<id> (POST) 


Required: 
id (Long) /HTTP profile ID 


Delete HTTP profile (bulk) 
/qps/rest/2.0/delete/waf/httpprofile (POST) 


Filters (optional): 
see Search HTTP profiles 


Custom Rules 


Current custom rule count 
/qps/rest/2.0/count/waf/customrule (GET) 


Get details on custom rule 
/qps/rest/2.0/get/waf/customrule/<id> (GET) 


Required: 
id (Integer) /custom rule ID 


Search custom rules 


/qps/rest/2.0/search/waf/customrule/ (POST) 


Filters (optional): 
id (Long) 

uuid (UUID) 
name (Text) 
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description (Text) 

owner.id (Long) 
owner.username (Text) 
owner. firstname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy.username (Text) 
createdBy. firstname (Text) 
createdBy.lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy. firstname (Text) 
updatedBy. lastname (Text) 
tags.tag.id (Long) 

tags.tag. name (Text) 


Create custom rule 
/qps/rest/2.0/create/waf/customrule (POST) 


Required: 
name (Text) 


conditions 

action 

Optional: 
description (Text) 
tags 

tags.tag.id (Long) 
tags.tag. name (Text) 


Update custom rule 
/qps/rest/2.0/update/waf/customrule/<id> (POST) 
/qps/rest/2.0/update/waf/customrule (POST) 


Optional: 
name (Text) 


description (Text) 
conditions 

action 

tags 


Delete custom rule 


/qps/rest/2.0/delete/waf/customrule/<id> (POST) 


Required: 
id (Long) /custom rule ID 
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Delete custom rule (bulk) 


/qps/rest/2.0/delete/waf/customrule (POST) 


Filters (optional): 
see Search custom response pages 


Clusters 


Current cluster count 
/qps/rest/2.0/count/waf/cluster (GET) 


Get details on clusters 
/qps/rest/2.0/get/waf/cluster/<id> (GET) 


Required: 
id (Integer) /cluster ID 


Search clusters 
/qps/rest/2.0/search/waf/cluster (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 

description (Text) 
tags.tag.id (Long) 

tags.tag- name (Text) 
owner.id (Long) 
owner.usemame (Text) 
owner.firstname (Text) 
owner.lastname (Text) 
created (Date) 

updated (Date) 
createdBy.id (Long) 
createdBy.username (Text) 
createdBy firstname (Text) 
createdBy. lastname (Text) 
updatedBy.id (Long) 
updatedBy.username (Text) 
updatedBy. firstname (Text) 
updatedBy. lastname (Text) 
token (Text) 

syncDate (Date) 

status (Text) 
deploymentStatus (Text) 
deployed (Date) 
errorResponse.action 
errorResponse.customPage.id (Long) 


errorResponse.customPage.uuid (UUID) 
errorResponse.redirect.url (TextO 
errorResponse.redirect.status (Long) 
appliances.appliance.id. (Long) 
appliances.appliance.uuid. (UUID) 
appliances.appliance.name (Text) 
webApps.webApp.id (Long) 
webApps.webApp.uuid (UUID) 
webApps.webApp.name (Text) 

trusted IPs.string (Text) 


Create cluster 
/qps/rest/2.0/create/waf/cluster (POST) 


Required: 

name (Text) 

Optional: 

Click here for WAF API User Guide 


Update cluster 


/qps/rest/2.0/update/waf/cluster/<id> (POST) 
/qps/rest/2.0/update/waf/cluster (POST) 


Optional: 
name (Text 
description (Text) 

errorResponse 

errorResponse.block 
errorResponse.redirect.url (Text) 
errorResponse.redirect.status (Long) 
errorResonse.customPage.id (Long) 
errorResponse.customPage.uuid (UUID) 
errorResponse.customPage.name (Text) 
tags 

trustedIPs.string (Text) 


Delete cluster 
/qps/rest/2.0/delete/waf/cluster/<id> (POST) 


Required: 
id (Integer) /cluster ID 


Delete clusters (bulk) 
/qps/rest/2.0/delete/waf/cluster (POST) 
Filters (optional): 


see Search clusters 


Appliances 


Current appliance count 
/qps/rest/2.0/count/waf/appliance (GET) 


Get details on appliance 
/qps/rest/2.0/get/waf/appliance/<id> (GET) 


Required: 
id (Integer) /appliance ID 


Search appliances 
/qps/rest/2.0/search/waf/appliance (POST) 


Optional: 

id (Long) 

uuid (UUID) 

name (Text) 

hostname (Text) 

lastPollDate 

applianceCreated 
applianceVersion (Text) 
status (Long) 

pollStatus 
heartbeatGenerated 
heartbeatProcessed 

systemOs (Text) 

systemRam (Long) 
systemType (Text) 
systemEc2Instanceld (Text) 
systemEc2InstanceType (Text) 
systemEc2Amild (Text) 
systemCpusCount (Long) 
systemCpusCores (Long) 
systemCpusSpeed (Float) 
systemCpusModel (Text) 
configRulesVersion (Text) 
configVersion (Text) 
configGenerated 

ip (Text) 
cluster.id (Long) 
cluster.uuid (UUID) 
cluster.name (Text) 
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Delete appliance 
/qps/rest/2.0/delete/waf/appliance/<id> (POST) 


Required: 
id (Long) /appliance ID 


Qualys API Quick Reference Guide 
Malware Detection API 


Malware Detection API 


Use these API calls to get information about 
malware detections. 


Malware Detections 
Looking for more information? 


Qualys Malware Detection API User Guide 


Malware Detections 


Current malware detections 
/qps/rest/1.0/download/md/detection (POST) 


Required: 
format (csv|cef) 


Filters (optional): 

id (Integer) 

qid (Integer) 

url (Text) 

type (Keyword ie BEHAVIORAL) 
showDeactivatedSite (Boolean) 
severity (Keyword i.e. HIGH) 


Search malware detections 
/qps/rest/1.0/search/md/detection (POST) 


Filters: 

id (Integer) 

qid (Integer) 

type (Keyword ie BEHAVIORAL) 
showDeactivatedSite (Boolean) 
severity (Keyword i.e. HIGH) 


Get details on malware detection 
/qps/rest/1.0/get/md/detection/<id> (GET, POST) 


Required: 
id (Integer) /malware detection ID 
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Security Assessment 
Questionnaire API 


Use these API calls to manage SAQ users and 
templates. 


SAQ users | SAQ templates 


Looking for more information? 


Qualys Security Assessment Questionnaire API User 


Guide 


SAQ users 


Current user count 
/qps/rest/1.0/count/saq/user/ (GET, POST) 


Filters (optional): 

id (Integer) /user ID 
uuid (Integer) 
firstName (Text) 
lastName (Text) 
company (Text) 

title (Text) 
emailAddress (Text) 
userName (Text) 
tags.tag.id (Text) 
tags.tag. name (Text) 


Get details on user 
/qps/rest/1.0/get/saq/user/ <id> (GET) 


Required: 
id (Integer) /user ID 


Search users 
/qps/rest/1.0/search/saq/user/ (POST) 


Filters (optional): 

id (Integer) /user ID 
uuid (Integer) 
firstName (Text) 
lastName (Text) 
company (Text) 

title (Text) 
emailAddress (Text) 
userName (Text) 
tags.tag.id (Integer) 
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tags.tag.name (Text) 


Create user 
/qps/rest/1.0/create/sag/user/ (POST) 


Required: 

firstName (Text) 
lastName (Text) 
company (Text) 
emailAddress (Text) 
Optional: 

title (Text) 

tags (List) 

tags.tag.id (Integer 
tags.tag.name (Text)) 


Update user 
/qps/rest/1.0/update/sag/user/<id> (POST) 
/qps/rest/1.0/update/sag/user/ (POST) 


Required to update single user: 
id (Integer) /user ID 

Optional: 
firstName (Text) 
astName (Text) 
company (Text) 
emailAddress (Text) 

title (Text) 

tags (List) 

tags.tag.id (Integer 
tags.tag.name (Text) 
Optional for bulk update: 
id (Integer) 

uuid (Integer) 


Delete user 
/qps/rest/1.0/delete/sag/user/<id> (POST) 


Required: 
id (Long) /user ID 


Delete users (bulk) 
/qps/rest/1.0/delete/sag/user/ (POST) 
Filters (optional): 


see Search users 
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SAQ templates 


Current library template count 


/qps/rest/1.0/count/saq/librarytemplate/ 
(GET, POST) 


Filters (optional): 

id (Integer) /library template ID 
uuid (Integer) 

name (Text) 

description (Text) 

category (Text) 

familyld (Integer) 

revision (Integer) 

isLibrary (Boolean) 

questionCnt (Integer) 

state (Text 


Get details on library template 
/qps/rest/1.0/get/saq/librarytemplate/ <id> (GET) 


Required: 
id (Integer) /library template ID 


Search library templates 
/qps/rest/1.0/search/saq/librarytemplate/ (POST) 


Filters (optional): 

id (Long) 

uuid (UUID) 

name (Text) 
description (Text) 
category (Text) 
familyld (Integer) 
revision (Integer) 
isLibrary (Boolean) 
questionCnt (Integer) 
state (Text 


Current template count 


/qps/rest/1.0/count/saq/template/ (GET, POST) 


Filters (optional): 

id (Integer) /template ID 
uuid (Integer) 

name (Text) 

description (Text) 
category (Text) 

familyld (Integer) 
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revision (Integer) 
isLibrary (Boolean) 
questionCnt (Integer) 
state (Text) 


Get details on template 
/qps/rest/1.0/get/saq/template/ <id> (GET) 


Required: 
id (Integer) /template ID 


Search templates 


/qps/rest/1.0/search/saq/template/ (POST) 


Filters (optional): 

id (Integer) /template ID 
uuid (Integer) 

name (Text) 

description (Text) 
category (Text) 

familyld (Integer) 
revision (Integer) 
isLibrary (Boolean) 
questionCnt (Integer) 
state (Text 


> 


Create template from library 


/qps/rest/1.0/createfromlibrary/saq/template/ 
(POST) 


Required: 

id (Integer) /library template ID 
Create template 
/qps/rest/1.0/create/saq/template/ (POST) 


Several required and optional elements are 
supported 
Click here for SAQ API User Guide 


Update template 
/qps/rest/1.0/update/saq/template/<id> (POST) 
/qps/rest/1.0/update/saq/template/ (POST) 


Required to update single template: 
id (Integer) /library template ID 


Several optional elements are supported 
Click here for SAQ API User Guide 


Create new version of existing 
template 


/qps/rest/1.0/newversion/saq/template/<id> 
(POST) 


Required: 
id (Long) /template ID 


Publish template 
/qps/rest/1.0/publish/saq/template/<id> (POST) 


Required: 
id (Long) /template ID 


Delete template 
/qps/rest/1.0/delete/saq/template/<id> (POST) 


Required: 
id (Long) /template ID 


Delete template (bulk) 
/qps/rest/1.0/delete/saq/template/ (POST) 
Filters (optional): 


see Search library templates 


69 


Qualys API Quick Reference Guide 
Security Assessment Questionnaire API 


Qualys API Quick Reference Guide 
Portal version API 


Portal version API 


Find out the version of Portal and its sub-modules 
(in your subscription). 


Portal version 
/qps/rest/portal/version (GET) 


Returns the version information based on the 
username supplied in the request. 


70 


API Server URL 


Qualys API Server URL 


The Qualys API URL you should use for API 
requests depends on the Qualys platform where 
your account is located. 


Click here to identify your Qualys platform and 
get the API URL 


Still need help? 


You can easily find the API server URL to use. Just 


log in to your Qualys account. 


Go to Help > About. 


[ Help w | 
Get Started 


Online Help 


Resources 


Training 


About 


w | Logout 


Contact Support 
Account Info 


You'll see the API Server URL for your account 
under Security Operations Center (SOC). 


General Information 


Qualys Web Service 

Application Version: 

Online Help Version 

SCAP Module Version 

Qualys External Scanners 
Security Operations Center (SOC) 


Scanner Version: 

Vulnerability Signature Version 
Scanner Services 

Qualys Scanner Appliances 
Security Operations Center (SOC) 


10.0.0.1-1 
10.0.18-5 
1:2 


64.39.96.0/20 (64.39.96.1-64.39.111.254) 
2602:FDAA:0:2108::/64 
2600:0C02:1020:2881::/64 
2600:C08:2015:4400::/64 
2600:0C02:1020:2111::/64 
2600:0C02:1020:2224::/64 

11.9.22-1 

2.4.896-3 

3.3.3.3-1 


- qualysguard.qg2.apps.qualys.com:443 
- qgadmin.qg2.apps.qualys.com:443 


- distribution.qg2.apps.qualys.com:443 
- monitoring.qg2.apps.qualys.com:443 
- scanservice1.gg2.apps.gualys.com:443 
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Good to Know 


Good to Know 


Notations 


Required attributes are in bold. For example 
“ref={value} indicates a required parameter. 


Defaults are underlined. For example (0/1) 
indicates “O” is the default value for the Boolean 
attribute. 


GET and POST 


Functions support the GET method only, the POST 
method only or both GET and POST as indicated. 


Date/Time 


Date/time format is YYYY-MM-DD[THH:MM:SSZ] 
where time is optional. 


API Notes 


1) Authentication is performed using basic auth 
(using API v1 or APIv2) or session-based 
authentication (API v2 only) by the SSL socket 
connection. 


2) There are known limits for the amount of data 
that can be sent using the GET method. These 
limits are dependent on the toolkit used. There is 
no fundamental limit with sending data using the 
POST method. 


3) Variables and values must be URL-encoded. 


4) Returned XML responses usually include 
numeric error codes. 


5) UTF-8 encoding is used internally and for the 
retumed XML. 


6) Role-based privileges (Manager, Scanner, and 
eader) apply to most API calls. 


Blanks in “string type values” can be encoded as 
us characters(+). 


R 
7 
P 
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Curl Client 


Use the curl client to issue API requests directly 
from the Linux Command Line. 


Example using basic authentication (example 
uses Qualys US Platform 1): 


curl -s -k -H “X-Requested-With: curl demoapp’ — 
u username:password 
‘https://{$SERVER}.qualys.com/api/2.0/fo/scan/?ac 
tion=list’ 

Example using session based authentication 
example uses Qualys US Platform 1): 


curl -s -k -H 'X-Requested-With: curl demoapp' -D 
headers.15 -b 'QualysSession=SESSION_ID; 

path=/api; secure’ 
‘https://{$SERVER}.qualys.com/api 
tion=list' 


/2.0/fo/scan/?ac 


See the curl(1) man page for further details. 


Allowed Operators 


Supported using the following APIs: Asset 
Management and Tagging, Cloud Agent, 
Continuous Monitoring, Malware Detection, Web 
Application Firewall, Web Application Scanning. 


Allowed Operators 


Integer EQUALS, NOT EQUALS, 
GREATER, LESSER, IN 

Text CONTAINS, EQUALS, NOT 
EQUALS 

Date EQUALS, NOT EQUALS, 
GREATER, LESSER 

Keyword EQUALS, NOT EQUALS, IN 

Boolean (true/false) EQUALS, NOT 
EQUALS 


Looking for more? 


Click here for all our current API User Guides 


